In the wake of Donald Trump’s apparent indifference to the continued threat of Russia and other actors against elections, Governor Andrew M. Cuomo today announced a comprehensive initiative with the State Board of Elections to further secure New York State’s elections infrastructure and protect against foreign interference. The initiative will help County Boards of Elections strengthen their election cyber security in the face of foreign threats after the Department of Justice released an indictment of 12 Russian intelligence officers accused of hacking during the 2016 elections, which also alleged that Russian intelligence officers hacked into the website of a yet-unidentified state board of elections.
In the FY 2019 budget, Governor Cuomo secured $5 million to expand and further support statewide election cyber security infrastructure. The State will solicit contracts in the next few days for three independent services for County Boards of Elections, including: 1) cyber security risk assessments; 2) enhanced intrusion detection devices; and 3) managed security services. The State’s Secure Election Center, managed by the State Board of Elections, will also provide statewide, uniform cybersecurity training to all state and county election officials and staff prior to the Midterm Elections.
“While President Trump stands by those who seek to undermine our democracy, New York is taking aggressive action to protect our elections from foreign interference,” Governor Cuomo said. “There is nothing more sacred than democracy, and New Yorkers should know that when they cast their ballot that their vote is safe. The groundbreaking cyber security initiative we launch today will harden and protect our election infrastructure from the very real threat of foreign meddling. While the President has abdicated his responsibility to defend this country and left our electoral system open to sabotage by foreign adversaries, New York is fighting back and leading the way.”
“The integrity of our Elections system is our number one priority,” Co-Executive Director of the State Board of Elections Robert A. Brehmsaid. “The State Board has and will continue to diligently work and collaborate with our federal, state and county partners to strengthen and protect our elections infrastructure from any interference.”
“We have been working diligently since the 2016 election to improve security at the State Board, including our statewide voter registration database and networks with our counties,” Co-Executive Director of the State Board of Elections Todd D. Valentine said. “These additional services will ensure publicly facing applications and infrastructure for the county boards of elections will be more secure and better position the entire state elections system to respond to cyber incidents. These new revelations only serve to confirm that the measures we have taken so far to protect our elections are necessary and we have to remain vigilant as we move into the mid-term elections.”
This initiative builds on Governor Cuomo’s commitment to ensuring the integrity of elections in New York State. The State will execute contractsbeginning the first week of August through the Office of General Services on behalf of the State Board of Elections.
Comprehensive Risk Assessment for all County Boards of Election
The State Board of Elections will contract for professional services to conduct a comprehensive, uniform and verified risk assessment at every County Board of Elections. The State Board of Elections has conducted a County Board of Elections risk survey to gain an understanding of the security posture of each county board. This risk assessment will build off the county risk survey. This contract will provide a uniform and verified third party risk assessment which is critical in ascertaining a security baseline for our statewide elections infrastructure.
Enhanced Intrusion Detection Systems and Managed Security Services for County Boards of Election
Additionally, the State Board of Elections will contract for a vendor to provide enhanced intrusion detection systems and managed security services for all the County Boards of Elections. An intrusion detection system is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. Managed Security Services correlate logs/traffic and creates actionable reports on malicious cyber activity. Quote solicitations will seek to identify qualified companies on backdrop contracts that can fulfill the request for these services.
Cyber Security Training Program
The Secure Elections Center, housed in NYSBOE, will provide uniform online technical training courses and security awareness programs to all state and county election officials and staff. These web-based trainings will be provided prior to the 2018 Midterm Elections. As part of these trainings, officials and staff will learn cyber-hygiene, best email practices and how to identify phishing campaigns, among other topics.
This initiative will build upon Governor Cuomo’s efforts to safeguard New York State elections including:
- The State Board of Elections recently concluded a first-of-its-kind series of six regional tabletop exercises to identify risks and safeguard the election process against a cyber-attack. The State Board is coordinating with the federal Department of Homeland Security (DHS) to provide three on-line tabletop exercises in August 2018 for county election and IT professionals.
- Following the Governor’s 2018 State of the State proposals in January, New York was recognized as having one of the most secure elections systems in the nation in the Center for American Progress’ recent report.
Lieutenant Governor Kathy Hochul said, “With the Trump administration putting our country at risk and continuing to ignore the reality of Russian election interference, it’s up to New York to lead the way once again to protect the integrity of our elections. Sadly, we can’t count on the current federal government to protect us from threats of foreign election meddling. Our new cyber security initiative will give New Yorkers peace of mind as they go to the ballot box and will protect our democracy from those who seek to cause harm.”
William Pelgrin, Co-Chair of Governor Cuomo’s Cyber Security Advisory Board, Founder of the Multi-State Information Sharing and Analysis Center (MS-ISAC), CEO of CyberWA, Inc., and Board Director and Global Strategic Advisor for Global Cyber Alliance, said, “This announcement again demonstrates Governor Cuomo’s and New York’s strong commitment toward an enhanced cyber security posture. This initiative will greatly assist County Board of Elections by facilitating the process to identify and deploy key essential layers of cyber security. Cyber security risk assessments and intrusion detection devices are critical layers of preparedness to understand one’s computing infrastructure and what is required to address any associated risks as well as continuously monitoring that environment for malicious activities.”
Richard Clarke, Governor Cuomo’s Cyber Security Advisory Board Member, Chairman and CEO, Good Harbor Consulting, LLC and Former White House Counter-Terrorism and Cyber Security Advisor, said, “Given the Intelligence Community’s assessment that Russian efforts to interfere in our democracy continue, Governor Cuomo’s steps to protect the election infrastructure are commendable and should be immediately copied by other states.”
New York State Division of Homeland Security and Emergency Services Commissioner Roger Parrino said, “Security of our election process is paramount. These initiatives support our state and local partners to strengthen our election cyber infrastructure from those who seek to manipulate our election process.”
New York State Office of General Service Commissioner RoAnnDestito said, “Governor Cuomo has been clear that secure elections are fundamental to democracy and these steps by the Board of Elections will help further protect this process in New York State.”
After Trump tried to undo the damage of his statements in Helsinki by claiming that he “misspoke” when he left out “not” regarding whether Russia was to blame for hacking the 2016 election, Cuomo took him to task.
“Mr. President: Do you think the American people are stupid? You’re the leader of the free world – you don’t misspeak when it comes to our foreign enemies. You shamefully defended those who tried to sabotage our democracy, and now Congress must decide if your remarks or actions were in fact treasonous.
“While it’s clear we cannot rely on this federal government to protect the sanctity of our elections, New York will do everything in its power to. In light of this potential foreign interference, today we announced a groundbreaking cyber security initiative to strengthen our election infrastructure. I urge Congress to step up and do the same.”
In Helsinki, Trump had said, “I have President Putin; he just said it’s not Russia. I will say this: I don’t see any reason why it would be. But I really do want to see the server.” The next day, in a room full of Republican Congressmembers, Trump claimed that he should have said, “would not be”.