Democratic primary season is underway, and the Illinois Auditor General just raised the alarm about cybersecurity failings at the State Board of Elections.
The Illinois primary election is Tuesday, March 17, 2020.
We just reviewed the Illinois Auditor General's report, which summarizes the board of elections like this:
"The State Board of Elections had not implemented adequate internal controls related to cybersecurity programs and practices."
Here are specific cybersecurity problems noted by the auditor's office. The Elections Board:
While the Illinois Board of Elections admits it has not "formalized" cybersecurity policies, it claims it is more secure than it used to be.
"The Board has evaluated and implemented several technical security controls that have significantly increased the Board's security posture and reduced our threat attack surface."
It also claims that current employees do receive annual security awareness training, but admits that new employees do not receive the training.
Cybersecurity leaders at SecureWorld conferences now tell us that security training as part of employee on-boarding is a best practice.
[RESOURCE: Illinois Auditor General Report on Elections Cybersecurity (PDF); see pages 9-10 for the cybersecurity portion of the report.]
Cybersecurity and elections remain an issue of national concern.
This report from Illinois, and the confusion during the 2020 Iowa caucus, may have further damaged voter confidence in election technology.