Inside one of Colorado’s busiest election hubs on Tuesday morning, it was so quiet you could hear someone crack open a can of soda. All eyes were on personal computer screens or the big monitor in the front of the room showing activity on computer systems handling state voter registration, voter verification and vote tallies.
They were on alert for unusual activity, cyber attacks or other potential threats.
“What we’ve seen is what other states have seen as well, and we’ve been communicating across the states. We’ve seen minor scans from various countries,” said Rich Schliep, chief information security officer for the Colorado Department of State.
Countries?
“Well, computers that are sourced from other countries. That’s not necessarily nation-states’ activity but just from computers that are located outside the U.S.,” clarified Trevor Timmons, chief information officer for the same department. “Honestly, it happens all the time.”
It was pretty boring through the afternoon at the special cybersecurity war room inside the Secretary of State’s Office. The scanning, Timmons explained, is similar to what happens to all home internet users. The curious could dig into their router or computer firewall’s activity logs to find evidence of random computers sniffing for an unprotected door to get inside a private computer.
“If you have a computer facing the internet, you’re getting scanned all the time. What you’re probably not seeing all the time with a home computer are denial of service attacks or SQL injection attacks,” Timmons said. “We’d block it because that’s malicious.”
But that wasn’t happening Tuesday.
“There’s no difference in volume” compared to other non-election days, Schliep said. “That may change throughout the day. But so far, it’s been a normal day.”
What’s also becoming normal is the homegrown task force watching for any digital attacks. Before 2016, the state’s election cybersecurity monitoring was limited to a small team of State Department security employees. Today, they’re joined by members of the Colorado National Guard, the Colorado Division of Homeland Security, the Office of Information Technology, Office of Emergency Management, Regis University cybersecurity professors and others.
“We’re here based on the governor’s direction,” said Maj. Dave Sonheim, who brought a team of six from the Colorado National Guard. “During the elections, having the defensive cyberteam on site gives them another resource. It’s really just for monitoring to see if we see anything out of the norm.”
An example?
“Maybe one county only has 20,000 people and all of a sudden, we see 40,000 votes happen,” Sonheim said. “That would be unique. Why is that happening? Why is that system picking up that traffic and things like that that aren’t normal.”
Steven Fulton, a professor at the Information Systems Department at Regis University, said the state is more open to sharing what’s happening behind the scenes than one would expect.
“From where I sit, I think we in Colorado are very lucky. I say that because people are actually giving thought to the election in advance,” Fulton said. “I’ve heard many people in the state and technology talking about this and they’re open and honest. I feel like they’re realizing they have to address this (security concerns).”
The state has beefed up election security in recent years. In 2013, it implemented two-factor authentication across its system so anyone logging in to the elections system — from the municipal, city and county level — needed an email, password and a fresh code that is sent to an alternate device, such as a text to a mobile phone.
The state also uses sensors to monitor unusual activity coming in from the voting centers that verify voter registration. That helps officials know if there is unusual activity, and it’s also plugged into federal security officials who can see if strange activity is occurring in multiple states.
And it’s using Cloudflare and Google’s Project Shield, two services that protect sites against denial of service attacks.
Security officials can’t stop cyber scanning, but they can block traffic that tries to launch a denial of service attack or SQL injection attack. They can also block incoming threats by geography.
“In general, most of our sites are protected by geo-IP blocking so a lot of the countries will just see firewall denials because we only allow in the systems that need to be allowed in,” such as military and overseas civilian voters, Schliep said.
While cybersecurity seems like it’s been on the top of many minds for years, the ramp-up in Colorado elections and the nation really started after the 2016 presidential election.
“You remember with John Podesta’s email hacks? The disclosure of Hillary Clinton’s emails? That’s really what started to bring this to the surface in terms of national awareness that this is an area that we as a nation need to focus on. That was really the springboard across the country to start this kind of all-in approach in terms of monitoring and response and preparedness,” Timmons said. “And that was even before the formal designation.”
Back in January 2017, the U.S. Department of Homeland Security designated election systems as part of the nation’s critical infrastructure. That means the state and federal security agencies must engage with state officials during elections.
Timmons said Colorado was already talking to the Department of Homeland Security months before the designation to take advantage of any extra services the federal agency offered.
“They recognized the importance of this,” he said.