Reviewing election cybersecurity in this week's primary states

Kansas, Michigan, Missouri and Washington -- we're looking at you.

Since learning of Russia's attempts to hack into the elections systems of 21 states during the 2016 US presidential race, legislators have been on high alert. Cybersecurity experts have warned it's likely the Kremlin will attack again, and already it's been caught attempting to infiltrate legislators' computers and use phony social media accounts to influence the outcome of 2018 state primaries.

Four states are holding elections on Tuesday -- Kansas, Michigan, Missouri and Washington -- and some lawmakers are doing more than others to protect their systems against cyber attacks. Here's a breakdown of each state's approach to elections cybersecurity, as of August 2018:



Elections in Kansas are fractured affairs. During the 2016 presidential election, 70 Kansas counties used paper ballots (the most-secure voting method in regards to cybersecurity), while 35 used electronic machines with varying levels of accuracy assurance. Fifteen counties used electronic machines without Voter Verifiable Paper Audit Trail systems, making it difficult or impossible for voters and legislators to double-check ballots. Additionally, Kansas allows overseas voters to submit ballots electronically, "a practice that election security experts say is notoriously insecure," according to the Center for American Progress.

Kansas Secretary of State Kris Kobach said 85 counties will use voting machines that produce a paper trail in the 2018 elections, and he's pushing his remaining 20 counties to implement VVPAT systems.

Lawmakers introduced the Kansas Cybersecurity Act in 2017, attempting to establish roles to oversee the state's electronic elections systems, and ensure compliance with laws and cooperation with government agencies. The bill died in the state Senate more than a year later.

"Kansas's reliance on machines that do not provide a paper record, coupled with its failure to carry out post-election audits even in jurisdictions with voter-verified paper trails, leaves the state open to undetected hacking and other Election Day problems," the Center for American Progress said.



Michigan attempted to get ahead of cybersecurity concerns in the 2018 election, implementing new equipment and programs making it harder for hackers to infiltrate its systems. The state spent $40 million to establish upgraded optical-scan systems in all 83 counties for the 2018 elections. Plus, it accepted $11.2 million in federal elections security grants and expanded cybersecurity training for local elections clerks.

Michigan uses paper ballots, the recommended method of secure voting, though it doesn't mandate post-election audits (32 states require full audits). Refusing to fully audit votes after the fact opens any state up to undetected tampering, according to the Center of American Progress.


Missouri wasn't one of the 21 states directly targeted by Russian hackers during the 2016 presidential election, though Democratic Senator Claire McCaskill was the subject of a Russian phishing attempt in August 2017 designed to influence this week's elections.

"Some of our counties, they have no technical support."
- Missouri Secretary of State Jay Ashcroft

Missouri uses paper ballots and voting machines that provide a paper trail, two methods critical to elections integrity. However, its auditing process doesn't mandate that all ballots be included, the Center for American Progress reports. Additionally, the state allows overseas voters to submit ballots electronically, making them vulnerable to digital manipulation.

Earlier in 2018, Missouri accepted roughly $7.2 million in federal grant money allocated for elections security upgrades, though those funds have yet to be implemented in a concrete way.

"We were the first state to receive that money from the federal government, and we're in the stages of planning how to best spend that money," Missouri Secretary of State Jay Ashcroft told NPR on August 2nd. "Some of our counties, they have no technical support. The only technical support they have is from the secretary of state's office. We're working with third-party vendors to come in and try to show us what they believe some of our weaknesses are."


"They have been on the forefront of cybersecurity planning."
- Washington Secretary of State Kim Wyman

Russian hackers scanned Washington's voter registration systems for vulnerabilities in 2016, though they didn't carry out an attack. Since then, Washington has partnered with the Department of Homeland Security to improve and monitor its elections systems, and it's working with the state National Guard to implement heightened cybersecurity measures. This includes programs that test the state's readiness to identify and respond to hacking attempts.

"You have a number of guard members who are Microsoft employees and Google employees, so they have been on the forefront of cybersecurity planning," Secretary of State Kim Wyman told a local NBC station in April.

Washington uses paper ballots (mail-in mostly) and voting machines that produce paper trails -- both considered to be good practices in elections cybersecurity -- though it doesn't require an audit for paper-only votes, which make up a bulk of the state's ballots.

"Its failure to require post-election audits on paper ballots leaves the state open to undetected hacking and other Election Day problems," the Center for American Progress said.

Images: Dave Kaup / Reuters (Paul Davis, map); Jeff Kowalsky / Reuters (Abdul El-Sayed)