During a presidential election marked by heightened anxiety over election security, a Towson University associate professor is expanding a program she began in 2017 to assess potential risks to state elections and train election workers to prevent vulnerabilities at voting sites.
Natalie Scala, associate professor of business analytics and technology management said the thrust of her research is: “How do we ensure the votes of the typical American have integrity? And how do we protect that process?”
The program, which uses ongoing research on cyber, physical and insider threats to elections to develop electronic training modules created for poll workers, is one of the few in the country that focuses on election security at the polling place itself, she said.
“At the state level, there’s a lot of thinking and scorecard analyses of how to keep [elections at the] state level safe,” Scala said, “but the public interacts with the process at the polling place.”
And in a year when polling places have been replaced by fewer voting centers, and new election judges are replacing veteran election judges who often are older and more at risk of coronavirus complications, training poll workers about how to identify and prevent security breaches is all the more important — especially since Maryland does not mandate statewide election security training for poll workers.
“Poll workers are a first line of defense,” Scala said. “We want to make sure they could know what could happen … and fix it right away at the source before it becomes an issue.”
Security breaches at a polling place or voting center most likely would arise from human error, and election judges are the ones who pose the greatest threat, Scala said. The initiative began as the research project of a graduate student focused on Harford County elections, developing training modules based on the findings.
This year, the interdisciplinary Towson team has partnered with the Anne Arundel County Board of Elections to train more than 1,930 poll workers for Election Day. Judges who used one of the 30-minute training modules demonstrated a better understanding of how to prevent mistakes from happening, Scala said.
“Part of working in elections is risk management and evaluating what can go wrong on Election Day,” said David Garreis, deputy director of Anne Arundel County elections. “It’s one of those things that, in this day and age, you have to take seriously.”
The state does pretty well in terms of safeguarding its elections, and there have been no documented breaches from outside actors, “but there’s always room for improvement,” Scala said.
Outside of the polling place, Scala’s research in 2018 showed that Maryland election security could be most vulnerable to hacking of electronic poll data and voter registration; compromised flash drives containing voter registration data; a hack of Maryland’s entire network; hacking of the state Board of Elections website that passes malware to locals election boards; and simply not securing access compartments on ballot scanners at voting sites.
Maryland earned a grade of ‘B’ from the Center for American Progress based on its adherence to “minimum cybersecurity best practices related to voter registration systems” and “its failure to carry out postelection audits that test the accuracy of election outcomes leaves the state open to undetected hacking and other Election Day problems,” according to the 2018 report.
One of the most effective ways a state can protect itself against cyberattacks is by investing in its polling infrastructure, said Richard Forno, assistant director of the Center for Cyber Security at the University of Maryland, Baltimore County.
Some electronic voting machines might not have been updated in 15 years, he said. The problem is that in many states, “it’s never seen as something you need to throw a ton of money at” because elections only occur every two years, Forno said.
In Maryland, the State Board of Elections was funded at $27.7 million in fiscal 2020, and has almost $30.7 million appropriated for fiscal 2021.
But to Forno, this year’s election poses threats that go beyond technology and cybersecurity.
“The biggest threat I think to the election this year is not necessarily cyber, in terms of hackers,” he said. “It’s in cyber techniques of influence” that seek to erode public trust in the election process by sowing disinformation.
“That, to me, is more insidious, and that’s not something you can easily counter.”
More than half of Americans, 55%, surveyed in 2018 by the Pew Research Center, said they’re not confident the country’s elections are safe from cybersecurity threats.
Scala established the program after a report by special counsel for the U.S. Department of Justice Robert Mueller found the Russian government interfered in the 2016 presidential election “in sweeping and systematic fashion,” and all 50 states were attacked in the 2016 election cycle.
Mueller testified in 2019 before the Senate Committee on the Judiciary that he believed “interference was ongoing; they were anticipating further issues in 2020,” Scala said.
But this year amid the pandemic, concerns over the safety of mail-based voting largely dominated public discourse on election security.
“Overall, mail-based voting is extremely safe,” said Scala, who expanded her team’s research to look at the security risks of the mail-in ballots. And “combining it with in-person voting is a huge advantage,” she said.
That’s because using mail-in voting in tandem with voting centers can tamp down the volume of ballots being processed through the U.S. Postal Service, which has been accused by some officials, like Maryland Attorney General Brian Frosh, of attempting to disrupt the election by levying cost-saving measures causing mail delays in the months leading up to Election Day.
Election officials, including in Baltimore County, urge voters to cast their ballots through the mail sooner rather than later. Those who requested ballots through the mail also can cast them at ballot drop boxes instead of by mail.
A Goucher College poll reports 48% of likely voters surveyed expected to either mail in a ballot or take it to a drop box. Another 51% planned to vote in person, either on Election Day or at an early-voting center.
Maryland is offering 300 consolidated voting centers across the state for the Nov. 3 election due to the pandemic. Early voting will be offered at about 80 of those centers, starting Oct. 26.
According to Scala’s research on mail-based voting, which she began in the spring and which still must be peer reviewed, the very nature of voting by mail precludes a large-scale attack on ballots because of the dispersion of drop boxes.
“For a large-scale attack to happen on mail-based voting, every single mailbox has to be compromised,” she said. “It’s a large amount of time and not a large return" for would-be attackers.
Still, voting by mail presented challenges in June when nearly 35,000 ballots were not counted during the June primary. That number could climb in November as turnout is expected to spike, local election boards are swamped and voters continue to make use of mail-in ballots.
For Forno’s part, “I’m not worried about voter fraud or thousands of ballots showing up somewhere,” he said. “To me it’s just the … chaos in the information environment.”
Latest Baltimore County
Baltimore Sun reporter Emily Opilo contributed to this report.