When Russian-backed hackers sniffed around Minnesota's electronic election files last year, apparently seeking an opportunity to manipulate the data on which fair and orderly election administration relies, their search failed. That's the word the state's chief elections administrator, Secretary of State Steve Simon, said he received last week from the federal Department of Homeland Security. Twenty other states received similar advisories, though one — Wisconsin — was told last week that the Russian attempt targeted a different state agency, not elections.
Bolster Minnesota's defenses against election hackers
Hostile nations' threat should make cybersecurity a priority.
"… [T]here was no breach and no attempt to breach Minnesota's election system," Simon said. "The entities scanned IP [internet protocol] addresses associated with the secretary of state's website for vulnerabilities, but attempted no further action. Our system had previously identified these IP addresses scanning our system and blocked them."
That's good news. But we hope it isn't so reassuring that Minnesotans are lulled into thinking that the election records and other sensitive data kept and used by state governments are invulnerable. Or that, having been foiled once, Russians or others with hostile intent won't be back to try again.
Hackers try to get access to every state's digital data every day. So says Chris Buse, Minnesota state government's chief information security officer. Buse reports that Minnesota's IT systems are probed for vulnerabilities an amazing 3 million times each day. "We are barraged," he said.
In response, state government has ramped up its cybersecurity defenses. "We have a rock-solid five-year strategic plan," Buse said. It involves bringing separate state agency databases into consolidated hypersecure electronic storage centers. But funding for that work is inadequate. The Dayton administration sought a $22 million increase for cybersecurity from the 2017 Legislature. The request was denied.
More reassuring was the GOP-controlled Legislature's affirmative response to DFLer Simon's request for $7 million for new voting equipment. Today's hacking threat vindicates Minnesota's decision more than a decade ago to stick with pen-and-paper voting. The new machines will maintain that paper trail. But the back-office work of election administration, including voter registration, exists on computers, not paper.
Simon said his office is evaluating the need for additional elections cybersecurity funding from the 2018 Legislature in light of the 2016 experience. "This is not a situation in which it's smart to try to do more with less," he said. He's also working more closely with Homeland Security, going so far as to obtain a security clearance so that he can be more quickly apprised about threats. Securing electronic elections data has become a major part of the secretary of state's job, he said.
That rising responsibility needs to register more widely. Much of the public discussion about election integrity in recent years has been about very rare episodes of voting by persons legally ineligible to cast ballots. President Donald Trump has appointed a presidential commission to investigate that kind of voting fraud — even as he has been dismissive of evidence pointing to Russian attempts to interfere with the election.
In light of what is now known about what Russians tried to do in 21 states in 2016 and are likely to keep trying in future elections, Trump's notions about election fraud seem dangerously misdirected. The stewards of Minnesota election integrity ought to keep their eyes on the more genuine and pressing threat.
An annual collection of Thanksgiving thoughts from the Minnesota Star Tribune’s opinion staff.