DHS moves to defend city and state voter registration databases from ransomware attacks
Posted August 26, 2019 6:36 p.m. EDT
CNN — The Department of Homeland Security is creating a program to keep voter registration databases from being infected with ransomware in an effort to avoid a disastrous Election Day scenario in which a malicious actor -- either a meddling government or an opportunistic criminal -- would lock up the systems used to verify who is allowed to vote.
The program, which will consist of outreach to state and local government officials, will launch in roughly a month, an agency spokesman confirmed.
"Recent history has shown that state and county governments and those who support them are targets for ransomware attacks. Voter registration databases could be an attractive target for these attacks," Chris Krebs, DHS's top cyber official, said in a statement provided to CNN.
News of the program was first reported by Reuters.
'Russians are absolutely intent'
Much of the voting process is usually done offline as a means to minimize potential interference. Voter registration systems, however, tend to be online, as they're frequently updated.
DHS already offers election security assistance to cities and states. This new program will offer materials to help prepare officials for possible ransomware scenarios.
If requested, DHS will conduct computer penetration testing on city and state systems, as well as vulnerability scans and provide educational material, including guidelines on how to prevent and recover from a ransomware attack.
The program is voluntary.
According to intelligence officials and former special counsel Robert Mueller's office, Russian military intelligence broke in to the voter registration database of the Illinois State Board of Elections in 2016, then accessed the state voter registration database.
On the Hill, Democrats plan to make security for the 2020 elections a central focus. Republicans have blocked bills focused on election security even as senior security officials warn that Russia and others continue to pose a threat.
In July testimony before Congress, Mueller warned that Moscow continues to probe for weaknesses in the US election system. "They're doing it as we sit here," Mueller told lawmakers of Russian interference.
FBI Director Christopher Wray had told Senate lawmakers the same thing two days earlier, but added that the bureau has the problem in hand.
"The Russians are absolutely intent on trying to interfere with our elections," Wray told the Senate Judiciary Committee. "My view is until they stop, they haven't been deterred enough."
Ransomware is a type of virus that encrypts a computer's files, demanding a payment -- usually in the digital currency Bitcoin -- to be unlocked. It's often written and deployed by individual criminal gangs for profit, though the US has formally accused intelligence officers in North Korea and Russia, respectively, of crafting the two most dangerous strains ever seen.
While overall ransomware reports have slightly declined recently, ransomware against smaller US government targets have risen, in part because county and city governments tend to have smaller IT budgets, and in part because their services are deemed essential. In 2019 alone, ransomware has infected city systems in Baltimore; Albany, New York; and 22 cities in Texas.
"A successful ransomware attack at a critical point before an election could limit access to information and has the potential to undermine public confidence in the election itself. That is why we are working alongside election officials and their private sector partners to help protect their databases and respond to possible ransomware attacks," Krebs said.