New and familiar threats loom over midterms, election officials tell Congress
Many of the cybersecurity, disinformation and resource challenges that election administrators have long faced are as present as ever in 2022, a panel of election officials told the House Homeland Security Committee on Wednesday. Added in this year is a steady clip of insider threats posed by actors inside government, as well as a rising tide of explicit threats of violence made against officials and their families.
Cybersecurity measures, staffing challenges, financial resources and stronger relationships with law enforcement were all tossed about during the nearly three-hour hearing, with many speakers noting the strain the threat landscape has placed on election administrators nationwide.
“Election officials have found themselves victims of harassment and threats in a way we have never seen before,” said Rep. Ritchie Torres, D-N.Y., the committee’s vice chairman. “As a result, election offices across the country are struggling to retain a trained staff, exacerbating the existing challenges associated with administering the 2022 midterm elections.”
Insider threats were a major topic of conversation when the National Association of Secretaries of State gathered earlier this month in Baton Rouge, Louisiana. But those concerns are often accompanied by a rise in verbal threats and harassment. Testifying remotely, New Mexico Secretary of State Maggie Toulouse Oliver said that in the weeks since a showdown with a county commission over its refusal to certify primary election results — with commissioners citing disproven conspiracy theories about vote-counting equipment — she and her employees have received numerous threats that were referred to law enforcement.
Events like that, she said, will make it harder to both run elections and preserve trust in the democratic process.
“Many people now believe that our country’s highest office is occupied by an illegitimate president. Many people now believe that our entire election infrastructure is corrupted and has been weaponized to exclusively favor one political party,” she said. “Of course, these things are not true and no one has ever produced a shred of evidence to support these conspiratorial claims. But the consequences of these lies have real world impacts, especially for election officials.”
And Ohio Secretary of State Frank LaRose recounted a May 2021 incident in which an unauthorized individual was granted access to a county office building, with plans to plug a laptop into the local government’s network and download election data to prove a conspiracy theory.
LaRose, also appearing virtually, said that attempted breach, which is now under investigation, was stymied thanks to a series of cybersecurity measures he’s ordered county election boards to take over the past few years, including segmenting their networks from the rest of their local governments. LaRose recently published another security directive that included tougher physical-access controls around voting equipment, more intensive vulnerability scans at county election boards and a requirement for all vendors to implement vulnerability disclosure policies allowing ethical hackers to look for potential bugs. That move follows LaRose’s office in 2020 becoming the first secretary of state operation to create a vulnerability disclosure plan of its own.
Getting the message out
But it can be hard for security successes to break through to the public, LaRose said.
“When things go wrong, the public will know about it very quickly,” the Ohio Republican said in response to Rep. Jim Langevin, D-R.I. “The public should know when the good guys won and the bad guys lost.”
LaRose also said that federal agencies like the Cybersecurity and Infrastructure Security Agency can be speedier in “declassifying what can be declassified.” Toulouse Oliver, a Democrat, agreed.
“We want to be aware as soon as possible of any potential vulnerabilities. We need that information yesterday, not tomorrow,” she said, noting that over her six years in office, people in the election community are “getting so much better at sharing data with each other.”
“The information flow has gotten a lot better,” LaRose said later in the hearing. “They’ve been purposeful about that. There’s a variety of services down to the county level.”
CISA was not represented at the hearing, but its role leading election security was a frequent topic. While Rep. John Katko, the panel’s top Republican, largely praised the agency’s work, he said the amount of information now heaped on local election officials can be overwhelming. He said one official in his Central New York district reported receiving 1,762 directives in one year.
“She shares her CISO with 20 other people in one county,” Katko said. “No one’s digested that information. How do we make actionable information we’re getting from the efforts?”
Toulouse Oliver and Elizabeth Howard of New York University’s Brennan Center for Law and Justice both said that election officials could benefit from more federal funding, in addition to the cyber and physical security resources provided through CISA. LaRose said more funds are “appreciated,” but often come with restrictions and paperwork grants that make them “less effective.”
Disinformation never far
In a wide-ranging hearing that also touched on election workers’ compensation, bulk mail from third-party groups and the effectiveness of voter ID, the threats posed by misinformation and disinformation remained close to the surface. Some members used their question time to repeat conspiracy theories about the 2020 election, including Jeff Van Drew, R-N.J., who cited disproven claims about widely used ballot tabulators manufactured by Dominion Voting Systems, and Andrew Clyde, R-Ga., who invoked “2000 Mules,” a film based on discredited research about voter fraud.
The election officials who testified on Wednesday said they are making efforts to address the conspiracy theories that continue to be fueled by bad information on social media.
“Among my secretary of state colleagues we all share that concern, both the misinformation from the right and the misinformation from the left,” Toulouse Oliver told Rep. Tom Malinowski, D-N.J.
LaRose, meanwhile, said he’s had county election boards put voting equipment on display at fairs and other public events to demonstrate how elections are actually run.
“[People] see a voting machine and may be inclined to say ‘Is this the one with the secret foreign algorithm in it?'” he said. “Instead of laughing at the person it’s a chance to engage with them and teach them voting machines are never connected to the internet and tested before each election and audited after each election.”