What the States got Right
Among the things everyone got right this time were implementing basic cyber security best practices, like stronger passwords and two-factor authentication, limiting computer system access rights, and isolating sensitive digital data. The $800 million that federal and officials shelled out for hardening elections systems also played a major role, paying for hardware and software updates and for training for thousands of election workers.
“In general, states have improved their election security by taking a much more holistic risk-mitigation approach,” says Eric Rosenbach, director of the Defending Digital Democracy Project (D3P), at Harvard’s Kennedy School of Government. “From a tech perspective they’re going through their systems to sure their infrastructure is not connected to unsecured servers. They’re also focusing on access and verification.”
Rosenbach’s group, made up of policy experts, security professionals, tech companies like Google and Facebook, and officials from the Department of Homeland Security, has produced training manuals and table-top training exercises for state election officials.
One thing the D3P group noted when training election administrators was how reluctant they were to talk to the media after experiencing a security breach or if disinformation was being spread about a voter registration rolls, tallying machines, or reporting software. “It’s a real weakness because you need to get the facts out and engage with the public to develop trust in the system,” says Rosenbach. “And they’ve really improved on that.”