Wisconsin elections officials work to secure the 2018 vote

Posted at 11:11 AM, Nov 08, 2017
and last updated 2017-11-08 12:52:36-05

The state of Wisconsin knows a lot of things about all of us, information that is stored on computers that come under constant attack.

Knowing that keeps David Cagigal, Wisconsin's Chief Information Officer, up at night.

"Five-point-seven million citizens from babies to elder. We have records on them. All that data is in that data center," Cagigal said.

Cagigal was one of the first people to know Russian hackers were trying to get into his data center, and at information critical to Wisconsin's elections.

He is also convinced they will try again.

"This isn't gonna stop. Whatever we saw in the 2016 election, we're gonna see more in the 2018 election," he said.

Department of Homeland Security investigators concluded Russian hackers tried to get in this system ahead of last year's vote.

They never accessed voter information, but based on what those hackers did in other states DHS is convinced their target was files on voter registration.

Wisconsin Elections Commission Administrator Mike Haas said mass changes or deletions in the voter file could cause havoc on election day, and cause people to doubt the integrity of the state's vote.

"You don't want that confusion on election day at the polling places, especially on a widespread scale," Haas said.

So Haas and Cagigal are working on a plan to prevent that by strengthening the systems around the state's elections.

While many aspects of the plan are still in the works, Haas said it will start with giving a simple piece of advice to the 3,000 elections officials across the state with access to the voter files.

"Protect your passwords, have strong passwords, change them, don't share them," he said.

But an information security expert told the I-TEAM he would like to see more than a password protecting access to such delicate files.

Alex Holden runs Hold Security, a Mequon firm that has uncovered some of the largest data breaches in history.

Holden, born in Russia, said foreign actors are simply too advanced.

"State sponsored actors are often extremely well organized in their methods," Holden said. "Their techniques exceed our current defenses. They can bypass a lot of safeguards we have in place."
What Holden would like to see is what's called "multi-factor" authentication.

That requires a user proves who they are when the log in, usually by entering a one-time code that sent through email or over the phone.

"Banks, social media, email -- they have millions or tens of millions of customers and they manage to do that. 3,000 people should be a relatively simple way to do this," Holden said. 

But it's not that simple, according to Mike Haas.

Those 3,000 elections officials are scattered across some small towns and often do their jobs from the kitchen table.

Haas does not know if all of them even have a cell phone.

"There are some complications. For one, we don't have a cell phone for every municipal clerk or possibly a separate email address," he said.

While Alex Holden fears that could give a hacker a way in, David Cagigal believes his track record speaks for itself.

Russian hackers have had zero success in Wisconsin's data center.

"We have not had a breach -- knock on wood -- that has exfiltrated data," Cagigal said.