Some county auditors in South Dakota are getting nearly daily security updates from the Department of Homeland Security. At least one has thwarted hacking attempts already and many are leaning heavily on the state’s information-technology specialists as they prepare for the midterm elections.
The auditors are responsible for maintaining the voter-registration lists and supervising the election process, and so are understandably diligent.
But, Secretary of State Shantel Krebs says, the most effective security system to prevent hacking has been in place in the state for years — the paper ballot.
“The beauty of that is that South Dakota does not use online voting systems,” Krebs said. “We rely on a paper ballot. The security and integrity of South Dakota votes remains secure because we utilize the paper ballot.”
Still, Krebs said her staff members are vigilant for any attempted hacks and are being assisted by specialists with the South Dakota Bureau of Information and Telecommunications as the election date nears.
“Of course, we are always watching,” she said. “We are always being made aware of any concerns of the Department of Homeland Security, which they pass along. All secretaries of state across the nation are informed about information that would be pertinent to them. There is open communication and updates of things going on and what to be watchful for.”
South Dakota has electronic voter rolls, but the statewide database is maintained by individual county auditors. Several security procedures are in place regarding access to that system, including an authentication-key process that is constantly changing in what Krebs describes as “a triple security check.”
Auditors approaching election with confidence, care
Minnehaha County Auditor Bob Litz said his staff didn’t notice any attempted intrusions in the 2016 presidential election. But in hindsight, and after a review by Homeland Security and its Fusion Center, he said hackers had attempted to access the county’s system.
“They could have been from anybody,” Litz said. “Whether it was Fancy Bear — the Russians — we don’t know, and we don’t know if it was election-based or just seeking general information. There is no evidence that they were able to steal any data.”
While Pennington County had no reports of attempted intrusions in the 2016 presidential election, Auditor-elect Cindy Mohler said this week that her Rapid City office received a recent visit from a representative of DHS’s Fusion Center.
“They work in the internet world and they met with us and our IT department and gave us a heads up on what to be on the lookout for in terms of phishing emails, including our own social-media pages,” Mohler said. “They just wanted us to keep an eye out so we’re not getting hacked or someone is duplicating our accounts. It’s so common, if you think of the internet at all in those terms, and they are things we have previously talked about with our IT department.”
While Mohler said she expected periodic updates from DHS, she said she was not overly concerned about hacking in this week’s election.
“Not electronically I don’t, because we use paper ballots,” she said. “Our scanners are not connected to the internet. They are secure when we leave at night. Our doors are locked so no one is going to tamper with the programming.
“Voters should know we’re going to do our best to secure the integrity of their vote,” Mohler added. “We want to ensure that everyone’s vote is counted. We always work to make sure those tallies are accurate.”
In the lead-up to this year’s election, Litz said hacking attempts have become more frequent in Minnehaha County.
“In 2016, we had our usual phishing expeditions, but this time around we’ve had a significant ramp-up of people trying to infiltrate our systems,” Litz said. “I get advisories every day or every other day from Homeland Security, and our county IT is taking proactive steps with regard to hacking attempts.”
Litz also credits the state Bureau of Information and Telecommunications with serving as an “umbrella” to thwart attempts to infiltrate voting systems statewide.
“It gives me some level of comfort,” he said.
Litz said he was so concerned about election security that he and a staffer specializing in election oversight attended the August DEFCON 26 conference in Las Vegas, where they met with Dr. Douglas Maughan, director of cybersecurity for DHS, and “found out what’s really going on.”
“There is absolutely increased hacking activity this year,” Litz said. “I would characterize many of the attempts as crude, but we’ve caught some more sophisticated ones. And, they’re not just going after work computers and home laptops, but also cellphones. It’s important to keep them all locked up.”
Maxine Fischer, who has served as Brown County Auditor since 1991, said she has never experienced attempted hacking and has not been contacted by Homeland Security regarding election security. She is confident in the integrity of her county’s election system.
“We do everything we can to secure the ballot, and we are very careful,” Fischer said. “There is a certain trust involved, and we are very conscientious about our job.”
Likewise, in Lawrence County, Auditor Brenda McGruder said she had not been notified of any attempted hacks of her system, nor had she had contact with Homeland Security relative to this year’s election.
“As far as our voter system, I’m confident and the voters of South Dakota should feel confident, too,” McGruder said. “From the secretary of state’s office right down to the county auditors, we all take our jobs seriously.”