The state of Alaska understands that security is a practice that requires a cycle of improvement in order to stay ahead of malicious actors and unintended outcomes. On May 10th, the Alaska House State Affairs Committee called a hearing on election security with the goal of examining how the state can continue to maintain the integrity of its election system and the confidence of its voters. The timing of Committee Chairman Jonathan Kreiss-Tomkins could not have been better: earlier this month the Alaska Daily News reported on how “a hacker gained unauthorized access in 2016 to the server that hosts Alaska’s public elections website” but failed to change any records or disrupt the election.
I was invited to join Wendy Underhill of the National Conference of State Legislatures (NCSL) and Danielle Root of the Center for American Progress (CAP) to offer testimony and answer questions on election security from technical and policy perspectives. Alaska already practices a solid strategy of defense-in-depth to protect its IT systems; for example, it separates the public-facing web server from the back-end database when reporting election night tallies. Refocusing attention on the threats likely faced by local election officials, I recommended two-factor authentication as a method to resist phishing attempts, warned of the potentially crippling impacts of ransomware, and identified free services to help ensure that legitimate visitors to the reporting website are not impeded by malicious traffic generated by a DDoS attack.
Representative Chris Birch (R-AK) highlighted two concerns that face many jurisdictions today: how do we ensure that voting machines cannot connect directly to the internet, and what is the importance of paper ballots? State and local procurement officers should be well informed of the likely security risks and minimum security requirements in order to specify the appropriate new equipment for their election system. Voter-verifiable paper ballots are a critical aspect of any newly purchased equipment. Without a paper trail, statistically sound post-election audits (essentially checking the accuracy of the voting process) are simply not possible.
Beyond threats from hackers, elections in Alaska face two challenges that do not exist in the lower 48 states. The immense size and difficult topography make timely travel between Alaskan cities a multi-modal affair. Many cities, including the capital of Juneau, are separated by mountains or water, making them accessible only via boat or plane. Communication represents another challenge in Alaska. Poor internet connectivity means a heavy reliance on the postal service to exchange documents with election workers. Despite these challenges, Alaska has developed a robust election security framework through the work of the Division of Elections and House State Affairs Committee.