Advertisement

Despite attempted Russian election hack, Legislature did not create cyber security unit

For 2018 only, state will spend federal money to improve network monitoring of voting systems
 
Published March 21, 2018|Updated March 21, 2018

The revelations that Russian hackers tried to penetrate voting systems in at least five Florida counties caused widespread alarm last year and prompted Gov. Rick Scott to ask the Legislature for five cyber security experts in his "Securing Florida's Future" budget.

But it didn't happen. The $88.7 billion budget that the Legislature gave Scott and that he signed into law last Friday does not include those five positions, even after months of sustained news coverage about Russian meddling in American democracy.

Instead, Florida will sign one-year contracts with all 67 county supervisors of elections to improve network monitoring of county voting systems, not the statewide database that keeps track of 13 million Florida voters.

The program, specified in the state budget, will use $1.9 million in federal Help America Vote Act (HAVA) money so that counties can buy devices and pay for a monthly monitoring service that detects efforts to penetrate their systems.

The device is a sensor known as "Albert," according to Marion County Supervisor of Elections Wesley Wilcox, who implemented the system in January and believes he was the first to do so in Florida.

Wilcox said the sensor costs about $8,000. He said monitoring is provided by MS-ISAC (a Multi-State Information Sharing and Analysis Center), at a cost to large counties of about $1,300 a month.

Wilcox, who has a computer science degree and who's acknowledged by his peers to be an expert in cyber security, said the state should have found the money for the experts Scott requested.

"This is our new normal," Wilcox said. "You need people whose entire function is cyber security. We're past the point where somebody can do cyber security for an hour a day. You need somebody who can do this 24-7."

The budget noted that the monitoring program is for one year, meaning it won't automatically exist for the 2020 presidential election and that it's a local responsibility, not the state's problem.

"The state will not be responsible for ongoing maintenance, monitoring or costs beyond year one, nor will the state be responsible for individual county voter registration data security and any associated risks," the provision states.

Florida's voter database is maintained by the state in a partnership with all 67 counties.

A spokesman for the Florida Division of Elections, Mark Ard, said: "We are reviewing ways to use existing resources to hire cyber security specialists."

The U.S. Department of Homeland Security alerted state elections officials last September that Russian government agents were behind the hacking attempts, according to news reports at the time.

The risks of hacking of state and local voting systems remains a serious concern entering the 2018 election cycle.

The Associated Press reports that voting systems in 21 states were targeted by Russian hackers before the 2016 presidential election.

The Times/Herald reported last year that five Florida counties were targeted in Russian attacks in 2016, but were unsuccessful.

Four of those five did not open suspicious "phishing" emails designed to compromise their systems. The fifth, Volusia, said it opened an infected message but not the attachment that could have damaged its system.

Cyber security experts have said that it's critical that elections officials address any vulnerabilities in voting systems long before the fall, when millions of Florida voters will be casting ballots.

Senate President Joe Negron, R-Stuart, told the Times/Herald that he was aware of Scott's request last November for five computer sleuths in the Division of Elections, but that it did not reach his level.

"It was a decision that would have been made at the subcommittee and committee level," Negron said.