NGA selects six states for election cybersecurity policy academy

Arizona, Hawaii, Idaho, Minnesota, Nevada and Virginia will spend the next six months studying election security to come up with plans ahead of the 2020 election.

The National Governors Association announced Wednesday the six states that will participate in the organization’s latest cybersecurity policy academy.

Officials from Arizona, Hawaii, Idaho, Minnesota, Nevada and Virginia will spend the next six months studying election security to come up with plans and practices to protect the integrity of their voting systems ahead of the 2020 presidential election.

The NGA has convened the cybersecurity policy academies, which are run by the group’s Homeland Security and Public Safety division, since 2016. Last year’s program — which included Indiana, North Carolina, West Virginia and Wisconsin — focused broadly on IT security, ultimately producing a set of recommendations for greater collaboration between state and local governments.

The 2019 academy will focus more closely on issues related to election security, from building protections around voter registration databases to developing better communications between agencies. Participants will include governors’ office staffers, election directors and statewide cabinet agencies, the NGA said.


Elections jumped to the top of states’ cybersecurity concerns following the 2016 presidential election, when it became known that hackers working for the Russian government had waged massive social-media disinformation campaigns and also attempted to access voter files in at least 21 states. Those threats led federal officials in early 2017 to declare election systems a part of the United States’ critical infrastructure, clearing the way for greater cooperation between the Department of Homeland Security and state and local election officials, and the creation of groups like the Election Infrastructure Information Sharing and Analysis Center.

Additional details about cyberattacks against states’ election systems in 2016 continue to drip out three years later. Florida Gov. Ron DeSantis disclosed last month that Russian hackers penetrated election officials’ files in two Florida counties in 2016, prompting him to order a statewide review of election cybersecurity. And an election-technology vendor employed by Durham County, North Carolina, was found on Wednesday to have used remote-access software on the eve of the 2016 election that could’ve been exploited by hackers. No evidence has surfaced in either state that these incidents led to manipulations of actual vote totals, however.

The NGA says the six states in the new policy academy were “competitively selected,” though the organization did not say how many applied.

The organization also held a cybersecurity conference last month in Shreveport, Louisiana, that brought in chief information officers, chief information security officers and emergency management officials from all 50 states. During a session on election security, officials from several states talked about how 2016 nudged them to rethink how they protect the technology they use to conduct elections and the integrity of the ballots they collect. New Jersey elections chief Robert Giles, for instance, said his team delayed a new online voter registration system that was set to launch in 2017 after early assessments revealed vulnerabilities. The state will launch a revised, more-secure version in August, he said.

The election cybersecurity policy academy will run from June through December. Along with the NGA, the program is supported by the University of Southern California, the National Association of Secretaries of State, and the National Association of State Election Directors. It also receives financial support from the Democracy Fund, a foundation created by eBay founder and the Intercept publisher Pierre Omidyar.
