Hackers attack the state’s voter database and other election systems thousands of time every day, but Secretary of State Michele Reagan says Arizona is in a better position to fend them off than two years ago.
“They are looking to see if a window is open; if it isn’t, they move on,” she said.
Reagan says the level of preparedness to secure the integrity of elections is a “night and day” difference from 2016.
“We didn’t even know who to call if there was an issue then,” she said in a phone interview Friday. “Now we do.”
Closer to home, Pima County’s registrar of voters says his department is doing everything in its power to protect the system as well.
President Trump last week had his security experts explain what methods are being taken by his administration to keep the midterm election free from outside interference.
Reagan says her office has been in contact with federal agencies like the FBI and Department of Homeland Security to make sure voters, and their data, are secure.
She said Arizona has been aware of potential data breaches since at least June 2016, when a Gila County employee had a computer hacked, which could have put the entire state’s voter registry at work.
“We shut down the database for 10 days and the FBI came out and inspected everything and determined that the system hadn’t been breached,” she said. “But that was a huge wake-up call.”
She said before the last vote, nobody was talking about hacking elections and the government didn’t know what to prepare for.
Now, Reagan says her IT team is in contact with DHS weekly, communicating concerns while also receiving updates from their counterparts at the federal level.
“They let us know about suspicious IP addresses to watch for, or new malware we have to be aware of,” she said. The level of communication between her office and the feds “has been the biggest change,” she added.
“I saw Eric Holder say in 2016 that he had been in contact with all the secretaries of state, and I paused and said to myself, ‘I’ve never talked to Eric Holder or anyone from his office,’” Reagan said.
It took the current administration a while to get established, but since the beginning of 2018, the efforts to secure the election have accelerated, she said.
Reagan stressed that the main concern is not with actual votes being hacked or changed, but rather data breaches, such as what happened with the Democratic National Party emails in 2016.
“The voting machines are not hooked up to the internet, they aren’t online,” Reagan emphasized. “No one can sit out in their car in the parking lot and change your vote.”
She added that even if someone were able to alter an electronic ballot, state law requires a paper record also be created.
“If you’re using an electronic voting machine, there is a ticker tape recording what buttons you push,” she said. “So there is always another way to verify a vote, we can always go back and check if needed.”
She added that many states do not have laws requiring paper backups, even though “every security expert we talked to said you should have that law.” Also, most voting precincts in the state still use the old-fashioned paper ballots.
“We don’t use the Smartmatic machines owned by George Soros or anything like that,” she said.
She said the larger concern is a breach of the voter registration database, where someone with malicious intent could really cause damage.
“Imagine if they planted malware that went off the day before the vote that changed everyone’s information or removed them from the system,” she said. “That would be a nightmare.”
To prevent something like that from happening, the state has taken every precaution recommended by the FBI, such as implementing multi-factor authentication and adding extra levels of security to cloud-based data.
Pima County Chief Deputy Recorder and Registrar of Voters Chris Roads echoed many of Reagan’s remarks, saying the county has been on numerous conference calls with DHS and exchanged information.
He said the county hired a third-party security company to analyze its systems and provide a number of possible upgrades based on any vulnerabilities that may have been detected.
“After that evaluation the vendor made some suggestions on how to make the system even more secure than it was, and we have implemented those recommendations,” he said via email.
Roads declined to get into specific actions taken to protect voters, saying such information would be “a hacker’s dream roadmap of how our system works.” But he did say the county was constantly monitoring for threats.
“I can tell you we have a series of security measures in place for the systems in our office and those measures are regularly reviewed and updated by our computer staff,” he said.
Reagan hasn’t seen an increased number of attacks leading up to the primaries, but there could be an uptick at any time.
“We will be watching,” she said.
The goal is to stay one step ahead of anyone who wants to tamper with the process.
When it comes to protecting the election and voter data, “we’re pretty confident that our system is secure,” Reagan said, “but we always says it’s a race, and there is no finish line.”