SIDNEY — The security of upcoming elections was the mission of a meeting Friday morning at the Shelby County Board of Elections.
Director Pamela Kerrigan, Deputy Director Donnie Chupp, board member Jon Baker, Shelby County Engineer Bob Geuy and Sidney/Shelby County IT director Joel Glass tested how security at the E-Pollbooks work using a switch instead of a router. The E-Poll Books are taken to each polling location in the county and are how registered voters check in and receive a ballot to vote on election day.
“The foundation on which successful elections are built is voter confidence,” said Chairman Chris Gibbs. “Cyber mischief in the election process can erode that confidence leading to distrust of election results. Because Shelby County has committed to paper ballots, we have limited our ‘online’ exposure to cyber attacks regarding individual ballots.
“That doesn’t mean we are immune to cyber disruption because we do use the Internet on a daily basis for email, voter registration and reporting. Any attacks on those support systems, while not directly affecting individual votes, could still result in damage to voter confidence,” he said.
“That is why Director Kerrigan has taken steps to ‘stress test’ all of our systems,” said Gibbs.
Kerrigan said the Secretary of State’s Office has sent each Board of Elections office a directive dealing with cyber security. The checklist, she said, is to be completed as soon as possible.
Assisting with the checklist process is Rich Valerio, who observed the E-Poll Book checks Friday morning. He said he’ll be looking at all components of the elections process.
“The state has sent them a checklist of best practices,” said Valerio. “I’ll be making recommendations that aren’t checked off the list.
“I’ll be looking at the entirety of the system, specifically where there might be holes that can be stopped,” he said. “There’s no way to secure it completely. If a person wants it bad enough, they’ll find a way to get it.”
Valerio said he wanted to see the process, how the E-Poll Books were hooked up and how everything flowed during Friday morning’s exercise.
“Joel, Donnie and Bob understand the system and its security,” said Valerio. “This should be a pretty easy work for me. I’m just here as an observer.”
Geuy and Kerrigan said it was beneficial for security of the election to have an outside person come in and observe and do the checklist for Secretary of State’s Office.
“Computer security is a hot topic,” said Valerio.
Valerio questioned Chupp on the process of gathering information from the E-Poll Books on election day.
“We bring them back to the office to download data after the election,” said Chupp. “We use a clean thumb drive to take the information off them. The thumb drive is still wrapped in its package, and we get them from the Secretary of State’s Office.”
Valerio said the thumb drives should be secured in a locked room until they are needed.
The data, said Chupp, goes onto the Voteck management server, which converts the file into usable data to update the voter registration information. The voter gets credit for voting in the election.
“This information never goes beyond my computer or Pam’s computer,” said Chupp.
The data is then sent over a bridge application to the state for voting credit.
“The whole process is complete before the application takes over,” said Chupp.
Valerio told Chupp and Kerrigan that he was playing devil’s advocate to make sure all security measures are in place.
Geuy said security training should be part of the training process for all poll workers. They will know what to check for to make sure the E-Poll Books aren’t tampered with on election day.
The cyber security process will also look at email security, Internet into the building and voter registration security.
Kerrigan said voter status and registration information are two of the items which the board wants to protect from cyber mischief.
Gibbs said he is thankful the board still uses paper ballots on election day.
“I can’t imagine what the states do who use the electronic voting process without a reliable paper trail,” said Gibbs. “The burden they have in this environment, on the national news, when responding to cyber attacks and mischief is overwhelming.”
