By Joseph Marks
In this Nov. 6, 2018 file photo people vote at a polling place in Las Vegas. (AP Photo/John Locher,File)
PRINCETON, N.J. — If Russian hackers seek to disrupt the 2020 election, it will be county election officials on the front lines. And some are diving in to war games so they can be ready for anything Moscow or another U.S. adversary can throw at them.
Election officials from New Jersey’s 21 counties huddled at tables in a hotel ballroom here, hashing out how they’d respond to Election Day cyberattacks. In some attack scenarios, hackers shut down voter registration databases, loaded voter files with phony information, or compromised county social media accounts so they start spreading false information about polling locations. They also prepared for what happens if attackers locked up election office computers with ransomware or shut down cellphone towers across multiple states.
How the U.S. fares during an Election Day hack is likely to rest on the response of local election administrators in the first few hours, state and federal officials told me.
“The county level is where all the risk is,” a Homeland Security Department cybersecurity official who was helping one county with its response-planning told me. “They own it in a way no state official does and certainly no federal official could. It’s always live or die at the county level.”
The war-games are a sign of how drastically local politics has changed in this new era of cyberwar -- preparing responses to attacks by a powerful nation-state is a far cry from more ordinary tasks of getting poll workers to voting locations on time and planning contingency operations for storms or other physical disasters. And there's no turning back, as federal offiicals have warned Russia is likely to try to repeat its hacking and disinformation campaign in 2020 and other U.S. adversaries, including China, Iran and North Korea, may try as well.
"I regret to report that I believe it will get worse before it gets better," former DHS Secretary Jeh Johnson, who oversaw DHS’s response to Russia’s 2016 election operation, told the New Jersey county officials during a lunchtime speech.
More than a dozen states have held election hacking war games for county officials during the past two years — many of them with help from the Department of Homeland Security. But the vast majority of those exercises have been done behind closed doors.
During the New Jersey exercise, county election officials had five minutes to game out a response plan to each hypothetical attack — typically getting their ideas by flipping through thick binders where they keep plans for all kinds of contingency scenarios.
Every time a county didn’t come up with a plan within the five-minute limit – or came up with a bad plan — a facilitator made a note in the county’s evaluation. In the coming months, state election officials will be poring over those evaluations and working one-on-one with county officials to fix everything they did wrong, officials said.
In some cases, county officials told me they’d already worked out detailed responses to numerous types of cyberattacks. In other cases, the counties were only beginning to game-plan out how they might respond to digital attacks.
Counties have trained for years to keep elections running despite physical disasters such as hurricanes and disease outbreaks, but they’ve been on a crash course learning about responding to cyberattacks since the 2016 election, Robert Giles, director of the New Jersey Division of Elections, told me.
“We've evolved so much since 2016 and I think the counties have a good handle on it now,” Giles told me. “The point of this exercise is to get them to think about all the potential things that could happen … Doing their due diligence and having a plan in place so they can be responsive.”
The exercises also give DHS a better idea of where the agency can offer more help to local election officials, Chris Krebs, director of DHS’s Cybersecurity and Infrastructure Security Agency, told reporters on the sidelines of the exercise. Krebs’s agency has been racing across the nation to do cybersecurity testing and training for state and local election officials since soon after Russia’s hacking and influence operation undermined the 2016 contest.
“It’s about both knowing what to do on a bad day but also issue spotting beforehand so we can minimize the chances of those things happening,” he said.
A Justice Department sign. (Patrick Semansky/AP)
President Trump listens to national security adviser John Bolton. (Leah Millis/Reuters)
Bolton's cyber legacy:— Eric Geller (@ericgeller) September 10, 2019
1️⃣ Eliminating WH cyber coordinator job
2️⃣ Downgrading homeland security adviser
3️⃣ Pushing for more aggressive operations to deter & punish
He was especially in sync with other officials on 3️⃣ (see NSPM 13 & CyberCom's "persistent engagement" strategy).
The Iowa state flag. (Charlie Neibergall/AP)
Wall Street Journal