The Department of Homeland Security’s CISA Hunt and Incident Response Team (HIRT) found no direct malicious activity affecting the ePollbook laptops used in certain Durham County, N.C., precincts during the 2016 election.

HIRT was asked
by the Durham County Board of Elections to examine the ePollbook laptops after
several reported inaccurate data to poll workers. The team’s report noted that
while it could not conclusively identify any threat activity on the 24
ePollbooks it checked, HIRT found several areas where Durham’s Board of Elections
needs to bolster its security practices.

HIRT also
looked at 21 USB activators, 10 hard drives and disk images of the desktop
computer used to load voter registration information onto the USB activators.

“HIRT did
not positively identify any threat actors or malware on the DCBoE systems provided
for analysis. Additionally, HIRT did not identify any remote access to the
systems under analysis during the election timeframe. HIRT did identify several
areas where defense-in-depth protections and system configurations could be improved
to help DCBoE reduce risk of compromise in the future,” the HIRT
report stated

The specific
recommendations made in the 12-page report were redacted, but a few general
suggestions were left in the clear. First, the county needs to properly
implement defensive techniques and programs to enter and remain on their
network. Secondly, any unknown activity should trigger detection and prevention
mechanisms so the intrusion can be contained.