October 22, 2018 10:29 PM
Cyber security election experts say some Minnesota counties are not doing enough to protect their systems from hackers.
A simple security measure of two-factor authentication used to protect emails, bank accounts and social media pages could help safeguard county computers from potential hacker stealing login information.
Those experts say this is so important because this closely watched mid-term election is a prime target for hackers trying to disrupt the democratic process at all levels.
"In 2016, we saw similar attacks and attempts to steal information log-in credentials and (that) might be valuable to someone who wants to influence the election," said Reed Southard, a Harvard University researcher.
Southard worked with a team at Harvard Kennedy School’s Belfer Center for Science and International Affairs to create "The State and Local Election Cybersecurity Playbook” that provided advice on how to safeguard systems from digital attacks.
“Two- factor authentication is one of the most important things election officials can do to secure their systems, and also one of the easiest things to implement," said Southard. “We know people have been targeted down at this level--so the threat is very real."
Two-factor authentication normally requires a user to type in their login name and password into a computer, and then a special code is generated and sent to a separate device. That code is then typed into the computer before it finally verifies an identity.
More from KSTP:
Harvard’s playbook warned that malicious actors could also use spear-phishing to learn the username and password on the county social media pages and post misinformation to disrupt the voting process. They could also steal employee user credentials to infiltrate the county’s networks and gain information.
"Counties probably need to be doing more,” said Eric Hodge, director of election security services and solutions at CyberScout, a national security firm. “When you think about the fact our adversary is looking for the tiniest county, the least experienced staff, the smallest staff to try and punch your way through."
Hennepin County added two-factor in early October to help protect their systems.
"I would say around elections, two-factor is a safeguard that has been essential," said Jerry Driessen, Hennepin County’s chief information officer. “Two-factor gives another safety precaution."
The county said it cost $60 per user to add the two-factor authentication feature to their networks.
"One out four emails that comes into this county is actually legit, the others are spam or malware," Driessen said of digital communications sent to county employees. “It's every day and lots of traffic trying to steal our data."
Minnesota’s Secretary of State’s office earlier this summer added two-factor authentication for county election officials accessing the statewide voter registration system.
In 2016, Minnesota was one of 21 states targeted by Russian hackers; they failed to break into the state's voter database system.
Updated: October 22, 2018 10:29 PM
Created: October 22, 2018 05:45 PM
Copyright 2018 - KSTP-TV, LLC A Hubbard Broadcasting Company