Skip to main content

Important Election System Security Reminders

Posted in
Priority: 
High Priority
Date: 
June 13, 2017
To: 
Wisconsin County Clerks
To: 
Wisconsin Municipal Clerks
To: 
City of Milwaukee Election Commission
To: 
Milwaukee County Election Commission
From: 
Michael Haas, Interim Administrator
AttachmentSize
Election System Security Reminder Clerk Memo 6.13.17.pdf66.68 KB

Recent news reports have addressed Russian attempts to hack U.S. state and local elections systems before the November 2016 General Election.  The new twist in the reports is allegations that an elections systems vendor was targeted, and using information obtained from the vendor, email “spear-phishing” attacks attempted to trick election officials, including local election officials, into revealing system access credentials and passwords.

The vendor cited in recent reports does not do business in Wisconsin, and federal authorities have not notified the Wisconsin Elections Commission of any similar successful or unsuccessful attempts to breach the WisVote voter registration system or other state elections systems.  However, the headlines highlight the important role of all state and local election officials in keeping the system secure by practicing safe computing, so that voter registration data is protected for all of us and from all points of entry.

In light of these attacks in other states, the Commission recommends that all county and municipal clerks review our 2016 Report on Contingency Planning and Election System Security.  The report includes current security best practices for election IT systems, voting equipment and election night results, and is available on our website: http://elections.wi.gov/publications/manuals/contingency-planning-and-election-system-security-report.

There are many small, simple steps that clerks can take to help secure election-related computer systems and the critical data they store.  The following list is not exhaustive, but it provides a starting point for clerks to think about security.  Following these simple recommendations from the 2016 report will dramatically improve the overall security of the system:

  1. DO NOT share your WisVote user ID or password with anyone (even in your office), under any circumstances.  WEC staff will never ask you for your password, either over the telephone or via email.  
  2. Turn on automatic updates for your computer or promptly download all updates that come from your computer or operating system manufacturer.
  3. Install anti-virus software on your computer.
  4. Do not click on links in emails unless they are from a trusted source.  Hover over all links to see where they actually are going before clicking on them.  Sometime the link may appear legitimate but will direct you to a suspicious or malicious location.
  5. Do not install unnecessary programs onto your computer.  NEVER install programs that are not published by a trusted source.
  6. Do not request a WisVote account for a user in your office unless you are confident the person knows how to use the system correctly and can be trusted with the information they will have access to.  If feasible, perform background checks on staff before allowing them to use WisVote.
  7. Promptly notify the WEC Help Desk whenever a WisVote user stops working in your office so the account can be disabled.
  8. Upgrade your computer or operating system if it gets too old and is no longer supported.  Unsupported operating systems do not get critical security patches and become easy targets for intrusion.
  9. Remember that only WEC staff will contact you regarding the status of your WisVote username and password.

In coming months, WEC staff will update the WisVote training materials to include enhanced information about system security.  The reality is that there is not one foolproof step that can guarantee complete elimination of all hacking and security threats.  Constant vigilance and attention to system security will be required as techniques aimed at compromising election security change over time.  Fortunately, taking simple actions as outlined above can go a long way towards protecting IT applications and ensuring the integrity of Wisconsin elections.

The WEC continues working closely with the Wisconsin Department of Administration’s Division of Enterprise Technology (DET) on the security of its systems.  DET is in regular contact with the Department of Homeland Security and other state and federal law enforcement agencies about possible security threats.  As the Commission receives additional security information that would be helpful to clerks, our staff will pass it along to you.

If you have any questions about security, please contact the Elections Help Desk:  elections@wi.gov or (608) 261-2028.   Thank you.