Under the Dome

NC’s elections website was hacked, but it wasn’t as damaging as it could have been

North Carolina’s elections board provided this image to state lawmakers in a December 2017 presentation.
North Carolina’s elections board provided this image to state lawmakers in a December 2017 presentation. State Board of Elections and Ethics Enforcement

As the fear of election equipment being hacked grows, the State Board of Elections and Ethics Enforcement wants to get ahead of any potential threats by having additional staff members to address cybersecurity.

In a presentation to the Joint Legislative Election Oversight Committee on Friday, Kim Strach, executive director of the state board, said election security is something everyone needs to be concerned about. Strach said there are two types of hacks that the state board has to keep an eye out for – internal and external.

External threats include phishing and designer malware that target things like the statewide voter registration system or the voting equipment. Internal threats could come from anyone who is working in conjunction with an election. “We need to make sure that these people can be trusted and that they’re not a threat, because that’s one of the biggest places that we have to be concerned about,” Strach said.

In June 2017, Strach said there was an attempt to “deface the front page of the websites of many state agencies across the country.” The pages said “Hacked by Team System Dz” and “I Love Islamic state.”

Luckily, she said, it didn’t happen during a major election and it didn’t happen as intended in North Carolina. The hackers had gotten into the state board’s system, but not onto the website’s front page.

“If you knew exactly where to go, you would have seen it on our website,” Strach said.

“We were able to get it down within minutes because we got a call from the FBI ... We had mechanisms in place that were harder for them to get to the front page,” she said. “Had this been on our website right around the 2016 general election, the people of North Carolina would have thought our entire election had been hacked.”

Strach recommended that the state board get dedicated staff members to monitor cybersecurity and any vulnerability. She also suggested the state board and county boards should have the ability to do background checks on employees “to see if there is anything in their past that is a red flag, so we don't bring people in that might have bad intentions.”

She also recommended having safeguards in place to ensure unsecured or noncompliant voting systems or electronic poll books can be prevented from use in elections.

“The dedicated staff to ensure the cybersecurity vulnerabilities, is that a request for additional staff or additional machinery or what exactly do you need there?” committee chairman Rep. David Lewis, a Harnett County Republican, asked.

“We think presently, we have a great IT team, and they build us good products,” Strach said. “We feel like what we need though, is we need somebody who has true expertise in cybersecurity, so anything that we’re building that we are ensuring that we are limiting the vulnerabilities. Right now we have some contract staff that have some understanding of that, but we think either through permanent staff or contract staff we need the ability to be able to bring on board someone that is dedicated to helping us with cybersecurity issues.”

Online voter registration

Also on Friday, Strach responded to questions from Sen. Angela Bryant, a Nash County Democrat, about moving to an electronic voter registration system. “We like, we want the ability to do online registration,” Strach said. “Most states in the country do online registration.”

She said the state board has been working with the Division of Motor Vehicles, since it has a system to update license and voter information. “We want to be able to do it from our website,” she said. “We need to make it secure ... And we think we can do that through our relationship with DMV.”