The 2018 Election May Not Have Been A Cyber-Nightmare, But It Wasn't Perfect

Dec 24, 2018
Originally published on December 24, 2018 4:57 pm
Copyright 2018 NPR. To see more, visit https://www.npr.org.

ARI SHAPIRO, HOST:

A widespread cyberattack did not strike U.S. election systems before the midterms, as many people had feared. It seems we avoided a repeat of 2016, when Russia broke into at least one voter registration system and targeted election systems in a number of other states. Yet the threat of another attack isn't going away, as NPR's Miles Parks reports.

MILES PARKS, BYLINE: On Election Day, the Department of Homeland Security made a big show of the effort it was making to monitor threats. A year ago, the department was panned for taking so long to get information about Russian probing of state election systems to the states themselves. This year, DHS set up a Cyber Command Center in Washington, D.C. And top officials spoke with reporters every three hours from 9 am to midnight about what they were seeing. And what they were seeing was basically nothing.

MATTHEW MASTERSON: We didn't see any coordinated effort or targeting that interrupted the elections process.

PARKS: That's Matt Masterson. He's a senior cybersecurity adviser at the Department of Homeland Security.

MASTERSON: There wasn't that level of activity targeting certainly anywhere close to what we saw in 2016.

PARKS: There were issues with the 2018 election. Voters waited hours to cast ballots in some places. Florida added to its reputation for shoddy election administration. And a congressional race in North Carolina is still up in the air, as the State Board of Elections investigates potential election fraud by a political operative. But nothing was detected like the coordinated cyberattack Russia waged leading up to 2016. Experts say that's not because the system is all of a sudden completely secure.

ALEX HALDERMAN: There wasn't anything technically stopping Russia from doing widespread damage. It's just that they decided not to.

PARKS: That's Alex Halderman. He's a computer science professor at the University of Michigan. And he spent the past decade warning anyone who will listen about how hackable American elections are. Recent polling from Pew shows that Americans are significantly less worried about election hacking now that an election has gone by without a major cybersecurity incident. Before the election, 55 percent of people thought the U.S. was not secure enough from election hacking. Afterward, just 35 percent thought the same thing.

HALDERMAN: There is some risk that people will look at 2018 and say, well, nothing happened. That means we're OK. But unfortunately that's not the case.

PARKS: Cybersecurity in elections is absolutely better than it was two years ago. Congress allocated $380 million this year for states to improve their systems. A good step, but it wasn't even enough to fix maybe the most glaring vulnerability. There are jurisdictions in more than a dozen states where people still vote without a paper record.

HALDERMAN: Paper is absolutely essential. It might seem low-tech, but it's the kind of physical fail-safe mechanism that can't be changed in a cyberattack.

PARKS: The problem is when it comes to getting more funding, it's easier for election officials to make a case right before an election or right after a major malfunction. 2019 is neither of those. Colorado Secretary of State Wayne Williams referenced the attack on Pearl Harbor and the action it spurred from the American military in explaining the difficulty.

WAYNE WILLIAMS: It is easier to sell defense spending on December 8, 1941, than it was was on December 6.

PARKS: Experts say a successful model for funding elections should actually involve annual investments from the government - not one-time infusions of money - since technology is constantly evolving. Cybersecurity, Williams said, is not something where you can just check a box and say you're done. Miles Parks, NPR News, Washington.

(SOUNDBITE OF KURT VILE SONG, "MUTINIES") Transcript provided by NPR, Copyright NPR.