Apr 11, 2018 - Politics & Policy

States testing cyberattacks on election systems

Red, white, and blue striped panels cover a voter voting in a polling booth.

Voter in a polling booth in Maine. Photo: Brianna Soukup/Portland Press Herald via Getty Images

Worried about security gaps ahead of the 2018 midterms and beyond, Colorado and Texas are carrying out tests this week to see how officials respond when cyberattacks hit.

The goal is to find any gaps at the county, state, and federal levels before there is actually an attack, Trevor Timmons, the chief information officer for Colorado's Dept. of State, tells Axios. He warned that these aren’t hypotheticals, though: “All of the situations…we prepared are all based on things that have actually happened…because they will happen” again, he said.

Examples of simulated cyberattacks and scenarios they’re testing, per Timmons:

  • Email phishing attacks, like the kind that tripped up the DNC in 2016, which could allow adversaries to gain access to an election system and compromise it.
  • The compromising of a county or state website.
  • What happens when a media report creates “fear, uncertainty, and doubt within the elections administration community or within voters,” Timmons said.

Context: Russia targeted both Colorado and Texas in the 2016 elections. Bloomberg’s Nafeesa Syeed originally reported that they'd be testing out election security attacks.

  • The simulation is a part of the Department of Homeland Security’s biannual simulation of how people respond to cyberattacks, called cyber storm, that kicked off yesterday.
  • There are 7 states in total, including Delaware, Montana, Washington, Virginia, and Iowa, participating in the cyberattacks simulation.
Go deeper