The U.S. Department of Homeland Security will test Wisconsin election systems for cyber vulnerabilities to help ensure they remain secure for the 2018 elections, state officials said Tuesday.
It’s part of what may be the state’s most expansive election-security efforts to date, following the events of 2016, when hackers linked to the Russian government unsuccessfully targeted election systems in Wisconsin.
The state’s IT agency thwarted the 2016 hacking attempts, and no voting information was compromised, state officials have said. But federal intelligence agencies have concluded the attempts were part of a much broader Russian effort to interfere in U.S. elections — one that’s likely to resurface heading into the 2018 midterms.
State Elections Commission Chairman Mark Thomsen said the attempts have made elections officials “much more aware of the fact of the risk of foreign government meddling.”
“There is a recognition that the voting infrastructure is part of our national security,” Thomsen said.
State officials say they’re working with the Homeland Security Department and state IT officials to conduct, in May or June, a “risk vulnerability assessment” of the state’s elections IT system.
The two-week testing campaign involves federal cybersecurity specialists simulating “hacking attempts on election systems ... to identify vulnerabilities,” according to the commission’s agenda.
After those tests were complete, Homeland Security would give the commission “a report that outlines any vulnerabilities identified and suggestions for how those vulnerabilities can be remedied,” according to a memo prepared for the state Elections Commission by its new administrator, Meagan Wolfe.
The assessment also includes several measures aimed at standardizing and securing Wisconsin’s highly decentralized election-administration network, which encompasses more than 1,800 cities, villages or towns — each of which administers elections within its boundaries.
They include a phishing campaign where Homeland Security will send simulated malicious emails to state elections application users, including local election clerks. The phishing assessment “will then track the activity of the email recipients and then provide (the commission) with a report” on how local clerks respond, Wolfe wrote.
She said the report could then be used to inform training of users of systems such as WisVote, the statewide voter registration database.
The plan discussed by commissioners Tuesday also includes enhanced cybersecurity training of the more than 1,800 municipal clerks. Among the new requirements for local clerks would be “to report any election related security issues or incidents to the (commission) and appropriate law enforcement,” according to Wolfe’s memo.