Local elections board adds cyber protections ahead of state mandate
WARREN — The Trumbull County Board of Elections is on the “ground floor” of implementing state-required security upgrades ahead of the 2020 elections, said its deputy director, who doesn’t see a problem with meeting the deadline for the improvements to be complete.
Scheduled in the near future with the U.S. Department of Homeland Security, said Ron Massullo, is a “full-blown, front door to back door assessment of the building,” which is in line with one of several mandates from Ohio Secretary of State Frank LaRose to boost election security at Ohio’s 88 county elections boards.
“What we are doing is identifying and assessing every single point of security, both cybersecurity as well as the physical security aspects of our building,” said Massullo.
LaRose, a Republican, in June issued a directive to boost security of the election infrastructure in Ohio, partially funded with Help America Vote Act dollars from the federal government.
Ohio has $12 million to parcel out to elections boards, a “vast majority” of which will be used for the cybersecurity improvements, said LaRose last week during a stop at the elections board in Warren.
Trumbull County received $50,000 to put toward the upgrades.
The deadline to have the work done is January. Shortly thereafter in March are the presidential primary elections.
“So we need to have these improvements in place by the end of January, and it’s hard work, but our county boards of elections are going to get it done and when they’re done, we’ll be able to tell the world that Ohio is the most well-prepared state in the United States for fending off cyber-attacks,” LaRose said.
LaRose’s office is also requiring intrusion detectors and an information- and event-logging system to collect security data. The latter, in event of an intrusion, lets elections boards know what type of activity was done by the attacker.
LaRose likened the intrusion detectors to a home’s burglar alarm.
“It sits between the board of elections and the internet, and if there is a malicious code traveling through that connection, it can shut that off, and it also can alert 24-hours-a-day, seven-days-a-week monitoring that happens by the federal government,” LaRose said.
The directive also calls for criminal background checks on permanent board employees and vendors or contractors who perform sensitive services for the boards.
Boards of elections in Wood, Miami and Hocking counties volunteered to be pilot counties for the program before the directive was issued.
“Many counties that have started to work through that checklist have found that they have already been able to tick off many of these cybersecurity improvements that they need to make. For the remaining ones that take some more time and some work, they have until the end of January,” LaRose said.