Experts: What states can do to secure their elections

Newly released "playbooks" from a bipartisan team at Harvard's Kennedy School of Government aims to help state and local elections officials protect against hacking and disinformation.

Here are the group's key findings and recommendations.

KEY FINDINGS

— Elections officials generally lack the resources to secure their operations, especially in smaller counties. Many can't even afford such vital security measures as two-factor authentication, which helps protect networks by requiring users to verify their identity twice, usually with codes texted to their phones, when logging in.

— Voting equipment vendors, which play an outsized role in elections because local poll workers often have limited tech skills, can be easy, valuable targets. More than 60 percent of U.S. voters cast ballots on systems owned and operated by a single company. Hostile infiltration of one vendor could affect many elections.

— Don't just worry about the Russians. Insiders and people seeking political gain or notoriety also pose potential election-manipulation threats.

RECOMMENDATIONS

— Institute background checks for everyone with access to sensitive elections information and privileged systems. This includes voter registration databases and vote tabulation and reporting systems. Employees of voting-equipment vendors should also be cleared this way.

— Voting systems should have a paper trail — a physical copy of every ballot cast. Without one, it's impossible to "audit" elections after the fact to detect possible tampering. Five states continue to rely wholly on digital-only voting machines that leave no paper trail.

— Audits should be standard, with paper records confirming electronic results. Currently, the only states requiring the rigorous audits recommended by voting technology experts are Colorado and Rhode Island.

— Officials should be transparent about any election threats and immediately explain to the public what they are doing about them. This doesn't come naturally to organizations that typically shun the spotlight.

___

Online: https://www.belfercenter.org/publication/state-and-local-election-cybersecurity-playbook