Omnibus has millions to strengthen CT voting system against cyber attacks

Washington – The massive omnibus spending bill President Donald Trump has signed into law contains $380 million — including up to $5 million for Connecticut – to protect digital voting systems from cyberattacks.

The Department of Homeland Security revealed last year that Russian hackers targeted voting systems in 21 states – including Connecticut — as part of its broader effort to influence the 2016 presidential election. While most of the targeting was not successful, the revelation spurred efforts in Congress to address voting system cybersecurity ahead of future elections.

Connecticut Secretary of State Denise Merrill has asked the state to fund two IT positions at her agency to help strengthen protections of the state’s electoral system. Currently the state’s election system relies on an IT team that works for all state agencies.

Merrill says she wants an IT staff “with substantial knowledge of elections” to help fend off cyber threats.

The election chief’s request is pending.

The federal funds in the omnibus, which Merrill says will amount to between $3 million and $5 million for her agency, will be released within 45 days.

Merrill said she plans to use that money to buy equipment, and especially to train election personnel in the state’s 169 towns.

“There is no question we could use some more help,” she said.

Sen. Richard Blumenthal, D-Conn., had pressed the Democratic and Republican negotiators of the omnibus bill, which Trump signed Friday, to include money to help state and local officials harden their election systems against a cyber threat.

“Free and fair elections are the foundation of our democracy, and secure voting systems are their cornerstone,” Blumenthal said. “This funding will help ensure that state and local officials on the front lines of our democracy have the resources they need to ensure the integrity of our elections. “

Besides targeting cyber vulnerabilities, the federal funds also will allow cities and states to replace outdated voting machines that do not provide a voter-verified paper record and implement post-election audit systems.

Merrill said she does not know the precise nature of the Russian attacks on the state’s voting system, which were not successful. That’s because she did not have the requisite security clearance to be privy to that top secret information.

But Merrill recently received a secret security clearance from the federal government, allowing her to receive detailed election cybersecurity briefings from the Department of Homeland Security.

“I will be able to be informed when something happens,” she said.

Merrill said the state’s electoral system receives 5,000 to 10,000 “pings” a day from hackers trying to access the data, most likely for commercial purposes. None of those attempts are successful.

“It’s like someone rattling the doorknob,” she said.

Merrill does not know, however, if the Russian attacks on Connecticut’s electoral system were just “pings” or something more serious.

“It could have been a ping; it could have been a scan,” she said. “Under the (DHS) clearance system, they could not let us know.”

Connecticut’s Secretary of the State’s office also has recently joined the Election Infrastructure Information Sharing and Analysis Center, a new, Department of Homeland Security-backed center to coordinate and share information on election security.

While Russian hackers pose a threat, Merrill said there are other dangers to the U.S. election system.

“I think the biggest problem is the mistrust the American public has in the elections,” she said.