The state of Kentucky’s election systems are “routinely scanned” by foreign hackers, including North Korea, Russia and Venezuela, a senior election official told legislators in a state House budget subcommittee hearing.
“This is not something that is in the past, that happened in 2016,” Jared Dearing, executive director of Kentucky’s Board of Elections told the subcommittee, according to the (Kentucky) Courier Journal. “It happens on a weekly basis.” A U.S. Department of Homeland Security official meets with the board every week to go over every scan against Kentucky’s system, he said.
Cyber break-ins at the state election level are a growing concern for security defenders, with many states complaining rightfully that funding to fend off attacks is sorely lacking. “We’re asking county clerks with very, very limited resources, with not enough IT staff, to fully maintain their own systems,” Dearing said. “We’re asking them to participate in national security.” Late last year, some help arrived in the federal government’s fiscal 2020 budget agreement that includes $425 million in state election grants to improve cybersecurity.
Increased awareness by state officials combined with supplemental financial support could present new opportunities for managed security service providers (MSSPs) and managed service providers (MSPs).
Earlier this month, Kentucky submitted a formal request to the Election Assistance Commission, which distributes the funds, requesting roughly $6.4 million to update aging voting systems. That may not be enough. Despite the new federal funding, counties would need another $60-80 million to completely upgrade their election machinery, Dearing said. Kentucky Gov. Andy Beshear (D) has recommended that the Board of Elections be given around $6.2 million for the 2021 fiscal year, which will include the 2020 elections, but decreased the amount to around $3.4 million for 2022, the Courier-Journal said.
State officials aren’t certain the scans are originating from nation-state hackers, Dearing said. Still, he figures that at the least the scans are looking for vulnerabilities in the state’s election infrastructure. “We’re now seeing those bad actors target the county level,” he reportedly told lawmakers.
A slew of federal election security bills aimed at shoring up states’ voting infrastructures have languished in the U.S. Senate. Last week, Sen. Marsha Blackburn, (R-TN) blocked bills that would require states to use paper ballots as backups and mandate post-election audits, and another that would require political campaigns to report attempts by foreign entities to influence the elections. Last December, Blackburn objected to a bipartisan bill that called for new sanctions targeting Russia’s finance, defense and energy sectors should U.S. intelligence determine that Russia interfered in another federal election.
“It’s extremely alarming to hear that Russia and other foreign actors are already scoping out Kentucky’s election systems in order to potentially interfere in our 2020 elections,” Ben Self, Kentucky Democratic Party chairman, said in a statement.