Maryland election officials are making sure the state voting systems are safe from cyber threats in this year’s upcoming elections.
To make sure systems are secure, the board fixed some security vulnerabilities identified by the Department of Homeland Security, officials said. Legislators this year also passed measures speeding up the reporting of hacks and requiring more transparency in online political ads.
State Board of Elections officials said unusual activity in election systems was detected in August 2016, but there was no evidence of a hack.
Maryland officials described the unsuccessful attempt to break into its voting systems as a “probe” — likening it to a would-be burglar wiggling door knobs, but leaving after finding the door locked.
"We haven’t done anything dramatically different than we did before, because it’s an ongoing process," said Nikki Charlson, the board's deputy state administrator. "We’ve enhanced some of the ways we protect our systems by making it harder to get in."
Maryland’s voting machines were first used in 2016.
They had been tested in a federally certified lab and were approved by the U.S. Election Assistance Commission, the board said.
The machines are never connected to the internet and backed up by paper ballots. Election results are transferred out of the machines onto encrypted thumb drives.
The board’s election system got a DHS risk and vulnerability assessment after the 2016 probe, Charlson said. As part of the assessment, the department tried to hack into its systems.
“They didn’t get in, but they had some recommendations on how we could make it even more difficult,” she said.
Prince George’s County Democratic Delegate Alonzo Washington sponsored a pair of bills that were approved in this year’s legislative session to strengthen election rules.
One bill requires online platforms – such as Facebook, Twitter and Google – to retain and disclose information on online political ads.
Another requires vendors working with the elections board to inform the agency of a breech within four days. It also requires the state administrator of elections to report hacks or attempted hacks to lawmakers within seven days of becoming aware of them.
Washington said legislators did not hear about the attempted 2016 hack on Maryland's election systems until seven months after it happened.
Charlson said her department told the Department of Information Technology soon after the attempted hack, but acknowledged that lawmakers were not informed for much later.
Washington said in a June newsletter to supporters that the pair of bills will improve election safety and transparency in Maryland.
"Because of legislation I proposed, lawmakers and the public will immediately be informed of any 'security incident' involving the state’s election systems," Washington said in the newsletter.