It took more wrangling with lawmakers than expected, but the state’s chief election official now has access to $6.6 million in federal funds to implement his plan for warding off hackers and potential cyberattacks.
“We were the very last state to get that money,” said Minnesota Secretary of State Steve Simon.
Minnesota received its share of the federal election security money from the Help America Vote Act over a year ago. But political maneuvering at the State Capitol delayed the authorization Simon needed to put the money to use. He didn’t get it until last month’s special session.
“It still puts us behind other states,” Simon said. “Every other state not only had it but had it some time ago in time for the last election. So, we are behind, but we can now use that money.”
Simon said most of the money will go toward short-term projects that can be done ahead of the presidential primary next March. The rest will go toward a four-year project to modernize the state’s voter registration system. With the help of cybersecurity experts, local election officials and legislators, Simon put together a detailed plan months ago for spending the money.
“The federal government is exercising oversight over this money to make sure it’s being spent on what Congress and the president wanted it spent on,” he said. “But those are broad categories. As to the details, they’re leaving states in charge of those details.”
Deputy Secretary of State Jake Spano is preparing for some of the projects, which include upgrading anti-virus software, installing software to more closely monitor database activity and requiring multifactor authentication for all users. Spano said they are also working to protect election data by segmenting the larger office computer network to limit user access.
“Our team is sort of going through this process of trying to make sure that all of the staff in our office have access to the things that they need, but no more access to things that they don’t need,” Spano said. “So that if someone was to compromise their credentials and enter the system they wouldn’t be able to navigate around in the system.”
Another detail in Minnesota’s plan is the hiring of a “cyber navigator.” That person will be based in the secretary of state’s office and help counties and cities with election-related cybersecurity.
“The idea of a cyber navigator is very ... attractive to us,” said Deborah Erickson, administrative services director for Crow Wing County, Minn., and chair of the elections committee of the Minnesota Association of County Officers. She also worked with Simon and others on the plan for using the federal election security money.
Erickson said the cyber navigator will be an important resource for all counties.
“We’re all different. We have 87 different counties, and if you asked them what their needs were, for particularly around the realm of cybersecurity, you’re going to get 87 different answers,” she said.
Election security is not a theoretical exercise. Minnesota was among 21 states targeted by Russian hackers in 2016, according to federal intelligence officials. No damage was done here then, but Secretary Simon expects more attempts in 2020. He says that’s why protections are needed as soon as possible.
“The plan is good, and the fundamentals of our system are good as well. We think we will have a secure election, but there is never any guarantee of any outcome,” he said.
The National Governors Association recently selected Minnesota and five other states to participate in its policy academy on election cybersecurity, which will dig into the issue further over the coming months.