First Line of Defense in U.S. Elections Has Critical Weaknesses
(Bloomberg) -- A software sensor with a knack for detecting intrusions like those from Russian hackers is being embraced by U.S. states determined to protect their election systems, though cybersecurity experts warn of the tool’s limits.
The Department of Homeland Security is working with a growing number of state election officials to install “Albert sensors,” which detect traffic coming into and out of a computer network. The system can’t block a suspected attack, but it funnels suspicious information to a federal-state information-sharing center near Albany, New York, that’s intended to help identify malign behavior and alert states quickly.
“Every sensor we’re able to add is another in what was previously a dark spot” that federal authorities “couldn’t see into,” said Brian Calkin, vice president of operations for the Multi-State Information Sharing and Analysis Center, the Homeland Security-funded group that created the sensor in 2010 and upgraded it in 2014.
The sensors -- modeled after a system used to protect federal government networks that’s named after scientist Albert Einstein -- are now installed in 29 states, according to a Homeland Security official. But experts caution that they’re not deployed to most of the 9,000 local jurisdictions where votes are actually cast, and sophisticated hackers can sneak past the sensors undetected.
With congressional primaries already underway, and elections planned next month in almost two dozen states including California, New York, New Jersey, Virginia and Iowa, administration critics say not enough has been done to harden the U.S. election infrastructure against attacks like those seen in 2016.
Intelligence agencies have warned Russia is likely to try to interfere in U.S. elections again this year. The Trump administration has sought to assure lawmakers that it’s working with states to beef up election security, and Homeland Security leaders officials often tout the Albert sensor as a sign of how they’re buttressing states.
The sensors helped the federal government conclude that Russia targeted voter registration databases in 21 states in 2016, yet not all states had the devices then, Jeanette Manfra, Homeland Security assistant secretary, said.
“We can assume that the majority of states were probably a target,” Manfra told the Senate Homeland Security Committee April 24. But with more states now placing the sensors on their systems, “we are increasing our visibility,” she said.
Homeland Security is working to get sensors in all states by the November midterm elections, she said in an interview. “It’s very helpful to be able to alert us if there’s anything going on.”
While cybersecurity analysts say that’s a good first step, a former DHS official familiar with the department’s cybersecurity programs said the department has failed to pitch the sensors to county clerks, leaving gaps in monitoring voter rolls and voting machines.
To say that an Albert sensor “is the panacea, it’s the silver bullet, is completely misleading -- it’s a misunderstanding of the reality of the situation,” said Bob Stasio, a fellow at the Truman National Security Project and former chief of operations at the National Security Agency’s Cyber Operations Center.
States decide where they want to affix the sensors. Some use them to monitor the secretary of state’s office computer network, while others use them as sentinels for their voter registration database.
One key advantage for cash-strapped states: The system is provided for free.
The device mines “signatures” that could point to malicious actors, such as internet protocol addresses associated with Russian hackers. But it’s only as good as the signatures that officials feed into the sensor, so that it knows what to look out for. A second former DHS official said that unless intelligence agencies flag specific signatures to Homeland Security, the sensors won’t be very useful to states.
There are other limitations.
The second former official called the technology antiquated -- the equivalent of a five-foot chain-link fence -- because it doesn’t incorporate newer methods such as encryption to protect material in a network.
The Albert sensor acts like the guard at the entrance of a movie complex, according to Stasio. The guard stands at the door keeping an eye out for someone with a gun in the crowd -- just as the sensor looks for a hacker in network traffic.
If someone sneaks in a gun under a coat undetected, there needs to be another guard -- or sensor -- in each theater, representing what cyber analysts call the “endpoint” for network traffic.
Intruders like the Russians who meddled in the 2016 election represent “very advanced threats -- they’re going to be able to understand how to get past that first gate-guard that guards the main door,” Stasio said.
Hackers also can slip through if they get a hold of stolen passwords from election officials’ systems.
“Adversaries are able to masquerade their activity as something that’s somewhat normal because they’re getting legitimate credentials for state election officials,” according to Beau Woods, cyber safety innovation fellow with the Atlantic Council in Washington.
Still, many states see Albert sensors as valuable tools.
Texas deployed a sensor on its voter registration database in January, ahead of its May primaries. Vermont, which holds primaries in August, started using the device a month ago.
Maryland’s State Board of Elections said it has requested an Albert sensor for its online voter registration database and online ballot delivery systems, which are hosted by an outside company. The state has primaries in June.
Although the sensors are free for states and some large counties, smaller localities have to pay fees of $600 to $1,500 a month, according to the Multi-State Information Sharing and Analysis Center.
The Florida Department of State has an Albert sensor monitoring its network in advance of its August primaries. Now it’s also providing county election supervisors with $1.9 million in grants -- from federal funding -- to buy the Albert devices, department spokeswoman Sarah Revell said.
Iowa Secretary of State Paul Pate said that earlier this year he added an Albert sensor to his office’s computer network, which is separate from the state network. He’d like to get them to counties so that they’re “equally protected,” he said. Iowa’s primaries are June 5.
“We know in Iowa, thousands a day try to get into the government systems,” Pate said.
Albert sensors went live in Franklin County, home to Ohio’s capital of Columbus, just days before the state’s May 8 primary. As a large county with almost 860,000 registered voters, it didn’t have to pay, county elections board spokesman Aaron Sellers said.
“We are a bellwether state -- it seems every two to four years we’re always in the crosshairs,” Sellers said. “If there’s ways we can reassure” voters “without getting into the gory details of what we’re doing, it puts them more at ease.”
©2018 Bloomberg L.P.