Election cyberattacks grow with each new candidate, Utah CIO says

Utah Chief Information Officer Mike Hussey told StateScoop that he’s watched as cyberattacks against his state’s election systems have ramped up as each new candidate has been announced.

With 2020 being a presidential election year and with Utah Gov. Gary Herbert up for reelection next November, Hussey said in a video interview that interest in the state’s election systems is rising, both from those responsible from protecting them and those attempting to hack them.

“We’re shoring up some of those systems, as well as relationships, so we have the Department of Homeland Security helping us, we have our public safety office, many groups coming together in our cyber center, queueing up things as they’re getting ready for this next election cycle, but it’s going to be interesting because we’ve already had a few tabletop exercises, we’ve started to look at ‘what’s our response based on what we’re seeing?’” Hussey said.

One of the things the state’s seeing, Hussey said, is opportunities to improve as “very bright” attackers search for ways to influence their election systems and statewide voter registration database.

“You want to make sure that you’re always one step ahead the best you can be and so we’re seeing a number of threats, especially as different candidates are coming into the race,” Hussey said. “You can actually see that translate into the number of blocks at our front door based on those candidates coming into the race.”

In addition to tabletop exercises, Hussey said the state has also received federal support to purchase sensors that can be dropped into the state’s networks, scanning for abnormal activity. Albert sensors, distributed by the Center for Internet Security, are being deployed by states — both physically and virtually — at growing rates in recent months as they prepare for their county election offices for the 2020 election.

Hussey said the sensors aren’t intended to be a complete solution, but confer some aid to organizations that are often short on resources.

“If they have ransomware or if they have a payload that’s been dropped into one of their systems, these sensors may detect that may help some of those counties that might be a little more constrained on their resources, the state can come in and help in some regard shore those up and maybe offer some assistance if things go bad,” Hussey said. “And we can’t go in and remediate everything for them. We don’t have the resources, frankly, for that either, but we can provide some insights that they might go in and help themselves.”

Hussey on workforce:

“As you can imagine, just about every state is dealing with the challenge of trying to recruit talent and so our workforce development is taking on a new face where our lieutenant governor is saying let’s help with air quality, congestion on the roads, congestion in our state buildings, and even recruitment by allowing people to work from home.”

Hussey on election security:

“Election security of course is paramount. That’s been deemed as a critical infrastructure federally now. So you’re able to tap money from the feds to help with that.”

Hussey on how he sees his role changing in the future:

“Say you’re trying to do a sentiment analysis [using artificial intelligence.] Trying to grow that up internally, bring it on prem has always been a challenge for us. But if you can just migrate that data to a cloud or to a service that offers that sentiment analysis, it’s a lot easier to do and then you just have the data scientists do that evaluation.”

These videos were produced by StateScoop at the National Association of State Chief Information Officers’ annual conference in Nashville, Tennessee, in October 2019.