Washington state to require counties to partition off their election systems

Washington Gov. Bob Ferguson on Saturday signed 50 bills into law, including one designed to strengthen the security of election systems overseen by state and county offices.

Senate Bill 5014, which the legislature unanimously approved last month, creates several new requirements for government offices involved in elections, including adoption of the .gov top-level domain for their websites. It requires election equipment to be partitioned from other “supporting electronic infrastructure” and adds new breach reporting requirements.

Upon signing the bill, which was sponsored by Sen. Matt Behnke, Ferguson said it “will reinforce and strengthen Washington’s commitment to fair and secure elections.” The legislation advises all changes to be made “as soon as practicable,” but no later than July 1, 2027.

IT security experts and advocacy groups have been pushing in recent years for more state and local agencies to migrate their websites to .gov, which includes additional security measures and is thought to build public trust. The National Association of State Chief Information Officers calls use of the domain “essential” and this year recommended the Cybersecurity and Infrastructure Security Agency, which administers the domain, establish an advisory group designed to encourage greater adoption by state and local governments.

The bill notes that partitioning all election systems “physically and logically” from other equipment and IT systems will provide a “more secure environment” and notes “partitioning also enables tighter control and monitoring of access to critical systems, whether it applies to the entire auditor’s office or just election-related systems and assets.”

The bill text also points to the interconnectedness of the state and county IT systems, and requires that any county or supporting vendor experiencing a cyberattack or security breach must report it to the secretary of state and attorney general’s office.