Cybersecurity

Report finds states have improved cybersecurity for voter registration data

States have successfully increased cybersecurity surrounding their voter registration databases but still struggle with adopting some security measures, according to a new report released Thursday.

The Center for Election Innovation and Research (CEIR) found in a survey of 26 states between June and July of this year that the states had largely stepped up their cybersecurity efforts since the 2016 elections, including adopting tools to try to block some attacks.

{mosads}The report found that most of the states were regularly auditing their systems and had trained staffers accessing the voter registration database about spear-phishing attacks. The attacks, which were utilized during the 2016 elections, attempt to trick users into giving their login credentials to hackers. 

Still, the report highlighted several areas of improvement still needed. Multi-factor authentication, which requires users to verify that they are attempting to access their accounts, is only being used by 13 of the 26 responding states.

And the report found that the states could improve their password requirements for users, with five not imposing conditions like using three or more different kinds of characters or not utilizing common passwords.

“The survey shows just how much progress states have made since 2016 in key areas of cybersecurity to prevent, detect, and mitigate foreign interference,” David Becker, the executive director of CEIR, said in a statement. 

“There is no finish line in cybersecurity, so Congress and state legislatures will need to provide elections officials with a consistent funding stream to continue to improve their training and protocols around election cybersecurity,” he continued.

“But voters can feel confident their election officials have been working overtime to protect the security and integrity of voter registration data.”

A Department of Homeland Security (DHS) official told members of Congress last year that election-related systems in at least 21 states were targeted ahead of the 2016 elections.

The Trump administration in March handed out $380 million to states to update and secure their voting technology. House Democrats tried to increase that funding earlier this year, but the attempt was shot down by Republicans, who said the grant program behind the election security assistance is already fully funded.