Ohio elections chief orders counties to upgrade security
COLUMBUS (AP) — Ohio’s elections chief ordered county boards of elections on Tuesday to undergo a host of security upgrades that he says will guard against cyberattacks and other threats ahead of the 2020 election.
Republican Secretary of State Frank LaRose said his goal is to position Ohio as a national leader in election security that goes beyond voting machines to the boards’ software systems, email accounts and websites.
“Even the most secure IT environments have lists of things that they want to do to become more secure, so it’s not to say that we have some sort of massive vulnerability,” he said. “But we know that when we have computer systems and personnel involved, there’s always room for improvement.”
LaRose’s directive expands on the findings of a statewide review conducted last year. He said he is making available up to $12 million in Help America Vote Act money to pay for the upgrades.
The order requires all 88 county boards to request four services from the Department of Homeland Security by July 19: a risk and vulnerability assessment, remote system testing, a communications review and an in-depth hunt for cyber threats.
Each board must also install special intrusion detection devices and a so-called “black box” tool for system security, both provided by LaRose’s office.
LaRose also is requiring any boards that aren’t already to begin using a new, secure email system, to conduct annual cybersecurity and physical security training sessions and to perform criminal background checks on all permanent employees, vendors and contractors who perform sensitive services. Their websites also must be updated and given uniform “.gov” suffixes, he said.
The improvements must be completed by Jan. 31.
“This is about assuring, when the eyes of the world are on Ohio in 2020, that we will have completed this checklist that each county has, to make sure that our election infrastructure is protected,” he said.