SINCE IT became clear that the Russian government meddled in the 2016 presidential election, intelligence officials have warned regularly that the United States remains vulnerable to another cyberattack. If the aftermath of an Election Day fiasco in North Carolina is any indication, the Trump administration and Congress still have much to do to prepare the nation for next year’s vote.
A Post investigation detailed how North Carolina officials have desperately sought information and help from the Department of Homeland Security following a possible Election Day 2016 breach, in which Durham County’s electronic poll books, which provide information on eligible voters, improperly rejected people at their polling places. Election officials resorted to using paper-based poll books, creating massive delays. If a malicious foreign actor wanted to promote havoc on Election Day or call election results into question, this is one way it might happen.
State officials initially thought human error caused the problems, but they could not be sure. They got more concerned after a report that the Kremlin had targeted an election vendor — that is, a third-party company that provides election hardware or software to state and local governments — involved in polling book software. The company from which Durham County got its polling book software, VR Systems, claims that it did not hear from DHS until September 2017, months after a news report revealed that the Russians had targeted an election services firm matching its description, and that, when it did hear, word came in the form of a strange 2 a.m. phone call.
Following the report, North Carolina officials investigated Durham County’s polling book laptops but concluded they needed technical help. The state asked DHS to conduct a forensic examination. But Homeland Security has only just agreed to do so — a year and a half after North Carolina requested help.
Throughout the still-unfinished saga, state officials lacked critical information. North Carolina was not listed as one of the states targeted for election-year cyberattacks. But it was unclear whether this assurance applied to contractors such as VR Systems that North Carolina and other states employed. Concerned about the possibility that a breach at a third-party vendor might have exposed the state in 2016, North Carolina officials tried to prohibit the further use of VR Systems products in its election administration efforts. A court later overturned that decision. For its part, VR Systems has insisted that its computers were not compromised.
Last year, North Carolina’s attorney general formally requested clarification from DHS on the state’s past and present vulnerabilities. His office reports that he did not receive a substantive answer.
By many accounts, the trickle of information flowing from federal to state authorities has increased substantially since Russia’s presidential election hacking, as more state officials have obtained security clearances and as the scope of the threat has become clearer. North Carolina officials also insist that DHS has generally stepped up its game on election security, cooperating intensively with the state to evaluate the integrity of its voting systems.
But it is absurd that there is still any question about whether Durham County’s 2016 polling book problems were tied to the Kremlin. The Trump administration must do better. Federal officials must regulate election vendors as well as state systems. Congress should demand it — and provide whatever funds are needed.