A bill working its way through the Ohio legislature would boost the state’s spending on election-related cybersecurity and also fund the creation of a group of civilian professionals who could be called upon to respond to a cyberattack.
Senate Bill 52 would give the secretary of state’s office the funds to hire its own chief information security officer to coordinate efforts to protect the state’s voter registration database and other computer systems related to voting. The legislation also seeks to reform Ohio’s post-election audit process.
Under the bill, boards of elections in the state’s 88 counties would be required to conduct a hand-counted review of ballots after every election, using either voter-marked paper ballots or the receipts printed by electronic voting machines in the counties that use them. Ohio’s current election laws do not require post-election audits, but the secretary of state’s office has traditionally mandated county boards conduct them after general elections in even-numbered years.
Ohio Secretary of State Frank LaRose has endorsed the measure, and testified in support of it before the Ohio Senate on Tuesday.
Along with formalizing the audit requirement, the bill would also make the process more open to the public by making auditing procedures viewable by appointed observers, media and members of the public, and requiring election boards to publish the results of audits online.
Funding for expanded audits was a major component of the plan LaRose’s predecessor, Jon Husted, submitted last year to the U.S. Election Assistance Commission when it gave Ohio a $12.2 million grant to improve election security. Husted’s plan called for spending $2.1 million of that money on helping local election boards expand their auditing procedures through the 2020 general election. (Husted was elected lieutenant governor last year and now runs a statewide innovation office.)
Beyond elections, Senate Bill 52 also calls for the creation of an Ohio Cyber Reserve, which would be composed of civilian cybersecurity experts who could be brought in to help the state or local governments respond to a cyberattack. The Cyber Reserve would be organized under the state adjutant general’s office, alongside the Ohio National Guard and Naval Militia. The bill provides $100,000 for the new organization through the remainder of the 2019 fiscal year, and $550,000 in 2020, though members would only be paid if called to active duty.
Creating a civilian cybersecurity team that could be dispatched in emergencies would put Ohio on par with neighboring Michigan, which organized the Cyber Civilian Corps, or MiC3, in 2017. Ohio Adjutant General John Harris, who would oversee the new Ohio Cyber Reserve, told the state senate this week that it might’ve come in handy last month, when the city of Akron was hit by a ransomware attack amid a major snowstorm.