Community colleges in Ohio are playing a role in ensuring that the computer systems used in upcoming elections are impervious to hacking.
Ohio Secretary of State John Husted established the Pathfinder program calling for county boards of election to partner with an outside consultant – a community college or private company – to review and validate the security of their election processes before Election Day, November 6.
Fifteen of the 23 community colleges in Ohio have the faculty and expertise to take on this work, and three have so far agreed to work with their county election board – Clark State Community College, Southern State Community College and Terra State Community College, says Jack Hershey, president of the Ohio Association of Community Colleges.
Other county boards haven’t yet announced their Pathfinder partners.
Cybersecurity expertise
The Clark County Board of Elections selected Clark State as its partner because the college has a Center of Academic Excellence in Cyber Defense approved by the U.S. Department of Homeland Security and National Security Agency.
Clark State designated a team – including two full-time faculty, an adjunct and a student who is a former adjunct – to study the county’s voting systems. The county partnership received a $30,000 grant for the project, with funding from the federal Help America Vote Act.
“We’re taking time to know what they do and how they do it, so our team understands the process,” says Danis Heighton, professor of cybersecurity/information assurance and computer networking at Clark State. “We haven’t found any problems so far.”
The team is reviewing the Center for Internet Security’s Elections Infrastructure Playbook, which lists 88 cybersecurity points that need to be addressed to prevent malware attacks, other attempts to influence elections, or weaknesses that could result in inaccurate vote counts.
One example calls for election boards to only use USB devices that are approved and encrypted, Heighton says. Another guideline states that if an election office has wireless connectivity, only authorized people should be able to access it.
Potential threats
Clark County voting machines use paper ballots that are scanned, thus producing receipts that can be used in a recount.
“All the assessments we’re doing are with the automated aspects,” Heighton says. “Once a ballot is handed in, the data is collected and uploaded to other devices. As it moves through the system, there are points of concern. What are the entry points where there could potentially be some sort of compromise? What could cause a machine to fail and lose data? That’s what we’re looking at.”
While there is a lot of attention nationally on Russians hacking the election, “there are a lot of things that could go wrong aside from a grand attack from the other side of the world,” he says. “Anybody could be a threat agent.”
Once the team identifies a potential problem and suggests a solution, the board of elections will undertake a process of mitigation and could seek more state funding to purchase hardware or software.
“To maintain the integrity of our elections, we must constantly be working at both the state and local levels to innovate and improve our election security measures,” Husted says. “While this can sometimes be a daunting task, Ohio’s two-year colleges are well-positioned and have the expertise to help us achieve these goals.”
“The secretary of state approached us,” Hershey says. “They believed we could do it fast. They saw the urgency. I’m proud of our colleges and our faculty for stepping up to the plate.”