The State of Georgia has used KSU, Kennesaw State University, for the past 15 years to manage elections. The collective services provided via a state contract is known as "Election Center". The contract may be lost following a data breach in 2016 exposing 6.5 million voter records. The breach, albeit accidently, made national headlines. These headlines were coupled with the allegation that Russian officials breached Georgia voting machines.
The Secretary of State's office, who is responsible for managing elections in Georgia, is actively considering alternatives. In a statement released on Wednesday the Secretary of State's office stated that the office is "actively investigating alternative arrangements to replace the KSU services. The contract currently pays around $800,000 annually, ending later this month.
This is in response to a politico expose' that essentially allowed a hacker to obtain records, passwords, and other vital information necessary to breach the system. The breach included both voter information and confidential poll watchers and other election worker's information and instructions. This came at a time when "cyber security" and "hackers stole Presidential Election" as one of the primary news cycles. Recently, Georgia Representative Hank Johnson (D-GA4) introduced legislation in 2016 and 2017 that would mark election systems as "critical infrastructure" and under the responsibility of the federal government.
It is often misunderstood electronic election machines, over 25,000 used in Georgia, have no connection to the internet. The misconception is that the election machines are always connected to the internet allowing each to be susceptible to an electronic intrusion. These machines, and the ones that contain the poll books and election system, are stand-alone machines. The voting data (ballot's cast) are taken from a card, on each machine, and combined before being transmitted to the Secretary of State's office for summaries and tallies.
The services provided by KSU also do not include the elector database. The elector database, voter registration information, is housed in a separate system somewhat autonomous of the balance of the state infrastructure. In 2016 a CD [Compact Disc] containing the voter information was accidently released to several media outlets by a Secretary of State staffer. There was no damage done in the ironic twist of media outlets returning the sensitive information back to the Secretary's office.
Cyber security experts had warned of possible vulnerabilities of the aging systems and no action was taken prior to the simulated breach by Politico. While no vote results were accessible to be tampered, nor the elector database available, experts warned that the data that was penetrated could be used to exploit other vulnerabilities allowing access to both voting databases and election results.
This increased attention comes at a time of a partisan narrative by Democrats that are trying to prove the Presidential election results were tampered by unauthorized access and a contentious special election with the attention of the nation. Eight months later the Democratic party is trying to invalidate the 2016 Presidential Election results.
The race to replace Secretary Tom Price, Representative of the 6th District of Georgia, has conducted a special election and now a run-off. Various law suits have been filed over voter registration deadlines, provisional ballots, and increasing the early voting locations for electors to cast their ballot. The race has become the most expensive in the history of congressional elections. Critics claim fallacies in the electronic systems and petitioned the courts, unsuccessfully, to issue paper ballots. This comes after a previous law suit demanding voter registration be extended.
The State of Georgia does participate in "friendly hacking" a common practice to identify and exploit vulnerabilities. Georgia was not one of the 39 states to have been allegedly attacked with IP [Internet Protocol] originating from Russia. However, unauthorized attempts were made from IPs originating from the Department of Homeland Security. Both the Russian and Homeland Security attempts and breaches were during the 2016 Presidential Election. Department of Homeland Security would manage the election machines should they be deemed "critical infrastructure."
KSU follows similar protocols to test security measures and recently provided a report to the Secretary of States' office. The vulnerabilities that were uncovered included unsecured access to one closet that contained a server and wires plugged into a network appliance that was not documented. Following the attempted breach, the FBI was engaged and no wrong doing by the hacker was identified.
The race for the 6th District has been brought back the subject of voting processes and election technology integrity. The election will be held on June 20th and early voting ends on Friday.Channel : NetNewsJournalsGeorgia.sm NetNewsCatster: Nicholas Honeycutt