Warren County in North Carolina has only three full-time staff members, and none of them are computer specialists. That could matter in a year in which foreign governments are eyeing ways to disrupt the November election.
So the county’s election director, Debbie Formyduval, has welcomed cybersecurity experts from the state’s National Guard to help shore up the systems.
“I'm a small county," Formyduval said. "And it allows me — it affords me the opportunity to feel comfortable with my IT and where I am compared to a larger county in the state."
The National Guard is often associated with more physical tasks such as helping with disaster relief, or in recent months, responding to protests over police brutality against Black Americans. But some states across the country are increasingly calling on the guard’s cybersecurity specialists to help with the routine but vital task of providing basic cybersecurity help to election officials. The aid is especially important in rural areas or small jurisdictions that may be short-staffed — and which federal authorities say are most vulnerable to hackers.
The U.S. election is broadly distributed among states and administered by local and county officials. While that makes it hard for hackers to inflict widespread damage, it also means there are thousands of potential targets.
The North Carolina National Guard’s Cyber Security Response Force has done cybersecurity assessments in more than 30 of the state’s 100 counties. Under Lt. Col. Seth Barun, the force has responded to 35 attacks since 2018, including a malware attack in Duplin County.
“We say: ‘This is what yours looks like. This is what the industry best practice should be. And here's what we would do to fix it,’” Barun said.
Other states have called guard members for different election security needs. Ohio’s National Guard has biweekly calls with the state secretary of state’s office and has an open call for civilians with technical experience to help with the 2020 election. Minnesota’s Guard joins state election officials for cybersecurity walkthroughs with federal officials, and Colorado’s helps monitor network traffic to state election websites.
The National Guard’s embrace of a cybersecurity mission has been building for years. As the Department of Defense has increasingly put its resources into cybertraining, more guardsmen have been trained as cyberspecialists for the state they’re based in, Air Force Col. George R. Haynes, the National Guard’s chief of cyberspace operations, said.
“In the last six-10 years, I’ve seen a huge increase in partnerships of the National Guard and the state and communities when it comes to improving cybersecurity, sharing information on cybersecurity,” he said.
“Ten years ago, we knew there were viruses out there, but people would buy virus protection and feel like they were fine. Now, we’ve seen all these instances of cybersecurity theft and cybercrime,” he said. “It has increased people’s desire to have better protection and better security.”
Even though it’s extremely rare for most voting equipment to be connected to the internet, hackers could delegitimize the 2020 election in some voters’ eyes by attacking internet connected sites that, for instance, instruct voters on the location of their polling places.
U.S. officials have repeatedly said that when it comes to safeguarding the election from hackers, they’re particularly concerned about jurisdictions that have few IT specialists on staff.
While most state governments and large counties are in regular contact with federal and private cybersecurity experts to test their systems for vulnerabilities, some remote areas with fewer tax dollars don’t hire technical staff, leading to gaps that a patchwork of multiple initiatives have tried to fill, including the federal Cybersecurity and Infrastructure Security Agency and a volunteer corps of cybersecurity specialists.
“Anytime we read about threats from hackers and nation-state actors, etc., all those have brought people to think, ‘I’ve got to budget my time and resources’ — otherwise we’re going to be vulnerable,” Haynes said.