Despite widespread alarm over the breadth of Russian cyber attacks on state and local election systems last year, including revelations of Dallas County being targeted, Harris County officials are refusing to say whether hackers similarly took aim at the nation’s third-largest county.
Releasing information on whether Harris County election systems saw attacks from Russian hackers would threaten the county’s cyber security by emboldening hackers to further target local systems, county officials said this week.
The county’s argument was dismissed by experts, who said the secrecy is unnecessary, and could actually downplay the seriousness of the threat and the resources needed to combat it.
“There’s this concept in security called ‘security through obscurity,’ sort of, if they don’t know about it they won’t come after it,” said Pamela Smith, a consultant at Verified Voting, a San Francisco-based nonprofit that promotes voting integrity. “But to really have robust security, you want people to be able to know that it’s there … I think what the public wants to know is that you’re aware of the threat and you’re taking steps to mitigate.”
Bruce High, the chief information officer and executive director of the county’s Central Technology Services, said Harris County overall sees on average more than a million hack attempts every day. He even acknowledged a recent “spike” in attempts to hack Harris County servers from outside of America’s borders.
Dan Wallach, a Rice University computer science professor and scholar at the Baker Institute for Public Policy, who has testified before Congress about the cyber security threat to elections, said that to an advanced threat like Russia, there likely are no secrets about Harris County elections.
Asked if Harris County had been targeted in a similar manner as Dallas County, High said the county had not received a list of IP addresses from the Department of Homeland Security. He added that both the FBI and the Homeland Security department will flag Harris County when they have concerns about specific IP addresses.
High did not respond to questions seeking details on how often such concerns are brought up, how big of a “spike” in hacking attempts the county was experiencing and over what period of time, whether that spike was election-related or which systems had been targeted.
Wallach said he was concerned about the ability of many local jurisdictions, including Harris County, to protect against a targeted threat from an advanced adversary like Russia. He said he believed it was probable that Russia had at least targeted Harris County servers, but also that in many cases, attackers are so sophisticated that local officials would not even know that their systems had been breached.
“The category of adversary we’re facing now is not something that Harris County government is equipped to deal with,” Wallach said.
I work in IT security and had a few thoughts about this, but then I saw that Dan wrote this piece with a much deeper analysis than I had done, and I figured it was better to outsource this to him.
Computer security experts who deal with nation-state activities use the term “advanced persistent threats” (APT) as a shorthand to indicate that our adversaries have significant capabilities, including both engineering resources and spycraft, to quietly break into our computers, spread out across our networks, and avoid detection. It’s common for APT attacks to last for months to years prior to detection.
Given these threats, we need to conduct a serious analysis of where our elections stand. Harris County’s Hart InterCivic eSlate voting machines, for example, haven’t had any major security updates following studies conducted a decade ago by the states of California and Ohio. (I was part of the California effort.) In short, an attacker need only tamper with a single voting machine. After that, the infection can spread “virally” to every machine in the county.
Compounding the problem, all of our vote-tabulating systems are running Windows 2000, for which Microsoft dropped all software support, including security patches, seven years ago.
In the lead-up to the 2018 election, it may be financially infeasible for a complete replacement of our voting machines. We only just recently purchased our voting machines after a 2010 warehouse fire destroyed our original fleet of eSlate machines, so the funds aren’t likely to be available so soon for replacements.
What’s clearly necessary, since we know the Russians targeted voter registration systems, is a major upgrade to the way our voter registration systems are managed. A redesigned system would still, by necessity, require Internet connections so voters can verify their correct polling places, see sample ballots, and so forth. Most notably, during our early voting period, we need an online database to track which voters have cast ballots.
A modern design, intended to operate even if the entire Internet failed while the election was ongoing, would involve making local copies of the database at every voting center. Unsurprisingly, the needs of Harris County are essentially the same as the needs for every other county in our state, suggesting that a state-level procurement could be an efficient way to improve the voter registration security for every county’s voters.
Another short-term recommendation will be for Harris County to upgrade its systems to the latest versions of Microsoft’s operating systems, even though this will require a waiver from Texas’s election certification requirements. Even though our vote tabulation systems are hopefully never connected to the Internet, they are nonetheless unacceptably weak in the present threat environment.
Likewise, Harris County needs to hire a professional security “penetration testing” firm to identify other soft points in its infrastructure and prioritize repairs; such consultants need to be brought in on a regular basis for check-up exams. We also need forensic security auditors to do a deep dive into our county’s existing systems to make sure they’re as clean as we hope them to be. This isn’t just a matter of running some anti-virus scanner, since APT adversaries use tricks that automated scanners won’t detect.
There’s more, so go read the whole thing.
At the very least, I hope we can all agree that any system that is still using Windows 2000 (!!!) needs to be upgraded or replaced. Dan (who as you know is a friend of mine) puts in a plug for the STAR-Vote system that he helped design, and it’s definitely something the county and the state should consider. I just hope we take this seriously before something bad happens.
UPDATE: Hector DeLeon, the Director of Communications and Voter Outreach for the County Clerk, has emailed me to say that the county tabulation system is running on Windows 7, not Windows 2000 as stated in Wallach’s op-ed. He says they have made this same correction to the Chronicle as well. My apologies for the confusion.