State

Florida to spend $5.1 million on election cybersecurity, governor says

Gov. Ron DeSantis also said the state will soon begin a statewide election cybersecurity review he ordered after two counties were successfully hacked in 2016.

By Benjamin Freed

June 19, 2019

Florida Gov. Ron DeSantis, center, and Secretary of State Laurel Lee, right, announce new spending on election security. (Office of the Governor of Florida)

Four weeks after he ordered a top-to-bottom review of his state’s election security practices, Florida Gov. Ron DeSantis this week announced $5.1 million in spending to bolster the cybersecurity of voter registration files and county boards of elections.

The money is coming from two sources, DeSantis said. First, the state will distribute $2.3 million remaining from a $19.2 million grant it received last year from the U.S. Election Assistance Commission. The remaining $2.8 million was recently approved by the Florida Legislature in its appropriations for the upcoming fiscal year.

DeSantis also said Secretary of State Laurel Lee will oversee a review of the cybersecurity policies of the election supervisors in Florida’s 67 counties. The review is meant to identify and mitigate potential vulnerabilities before voters go to polling places in 2020. Once the reviews are complete, cybersecurity workers from Lee’s office will continue to provide regular monitoring of election supervisors’ networks, while her information technology staff will provide direct support to some of the state’s smaller counties that have limited IT budgets.

“Not every county has the same amount of resources so we wanted to be there to offer support so the elections run smoothly,” DeSantis said Monday at a Tallahassee news conference.

DeSantis ordered Lee to come up with a cybersecurity review process last month after state officials learned that Russian government hackers successfully penetrated election officials’ files in two counties during the 2016 presidential election using a spearphishing technique. The attack was first described in April with the publication of Special Counsel Robert Mueller’s report on foreign interference in the election, and made more visible May 14 when DeSantis said federal officials made him sign a non-disclosure agreement after he was briefed on the details. Members of Florida’s congressional delegation who were briefed have also been required to withhold what they learned about the spearphishing attack.

In total, hackers inside the Russian military’s Main Intelligence Directorate sent malicious emails to at lest 120 local election officials across Florida in the closing days of the 2016 election, according to the Mueller report. While officials have clammed up when asked publicly which counties were attacked, one has been identified in reports as Washington County, a rural, 25,000-person jurisdiction on the Florida panhandle.

Lee, speaking after DeSantis, said any vulnerabilities found in her office’s review of county election supervisors’ cybersecurity will be patched before Florida’s presidential primary next March. She said her office will also conduct follow-up assessments and regular network monitoring as the primary vote approaches.

“The department will ensure no county stands alone against foreign threats to election,” she said.

Though DeSantis thanked Florida legislators for the $2.8 million they approved on top of the remainder of the state’s EAC grant, he left open the possibility Florida will need more money for election security before the next general election. If it does, he said he would ask for another appropriation in the next budget session.

“If we need more resources we’ll ask for it in the budget,” DeSantis said. “The issue of cyber is not going away. We can’t act like this is a one-off deal.”