Christine Stuart / ctnewsjunkie
Secretary of the State Denise Merrill (Christine Stuart / ctnewsjunkie)

HARTFORD, CT — Connecticut’s electoral system was targeted in 2016 by “agents of the Russian government,” and while they were unsuccessful at breaking into the system Connecticut officials are going on the offensive with some help from the federal government.

“Every potential voter in this state should know we are taking steps to ensure our election infrastructure cannot be affected by foreign actors,” Secretary of the State Denise Merrill said. “In Connecticut every vote cast will be a vote counted.”

With the help of the Election Cybersecurity Task Force, Merrill said she will use part of $5.12 million in federal funding to purchase 169 additional optical scan tabulators. The Accu-Vote tabulator Connecticut uses hasn’t been manufactured since 2007 but there is a supply of used machines on the market.

Another $200,000 will be spent on training local election officials about cybersecurity and $1.89 million will be used to protect the centralized voter registration database, which is the most vulnerable part of Connecticut’s voting system.

They also plan to use about $1.09 million on making sure the desktop computers the towns use to connect to the centralized voter registration database is secure.

Merrill said they also plan to hire a full-time cybersecurity consultant for a period of four years to evaluate our security. There will be another $600,000 for consultants and $440,000 for the Center for Voting Technology Research at the University of Connecticut, which audits the memory cards that go into the tabulators before and after elections.

Back in May during the first meeting of the Elections Cybersecurity Task Force, Sue Larsen, president of the Registrar of Voters Association of Connecticut, said that registrars would like to get training on malicious emails and cybersecurity.

“We feel right now we’re not up to speed in what’s happening in the cybersecurity area,” Larsen said.

Merrill said most hacking of systems stems from phishing emails that include a link that looks like it’s from a trusted partner like the company that manufactures the voting machines, when it’s really a malicious actor trying to gain access to the database.

The only way into the central registration database is through the secure connection at the desktop computer in the local registrar of voters office.

There’s no Internet access to the results of the election, just the list of every voter in the state.

It’s unclear what would happen if someone gained access to the database and if they would seek to add or delete voters and cause confusion at the polls.

Merrill said the Russians were only able to breach the firewall in Illinois in 2016, but even though they got through nothing actually happened. She said no names were changed and “nothing actually happened, so we don’t really know what they were trying to accomplish.”

Merrill said the state receives about 1 million attempts to gain access daily, so far all have been turned away.

She said most attempts are not foreign actors but people data mining for commercial purposes.

Larsen also asked Merrill to spend some of the money to help update the systems in several small towns were they are still using Windows XP—an operating system that was released for sale in 2001.

Merrill said $200,000 of the $5.12 million will got to assist small towns withdated unsecure workstations.

In Connecticut, the voting tabulators where voters put their paper ballots are never connected to the Internet.

She said the true target of the Russian attack “was the faith and trust that Americans have in their elections.” She said the Russians failed at hacking into any of the systems, so it’s uncertain what their intent may have been.

She said the only impact they could have is “sowing doubt in an already cynical public.”

She said they have to fight against the perception that elections are rigged because that will lead to fewer people voting.

“What we know is the Russians continue, continue to try and manipulate our political system,” U.S. Sen. Chris Murphy said. “We have to remain vigilant.”

U.S. Sen. Richard Blumenthal said the Russian interference in the 2016 election was “an act of war,” and should be treated as such.

“This nation is lacking in a good offense on cyberattacks that are ongoing daily against our essential infrastructure,” Blumenthal said.

Secretary of State Denise Merrill on voting security. Says she will use $5.12 million grant to buy optical scan machines, online training and enhanced password protection for local officials.

Posted by on Monday, September 24, 2018