The previously unreported attack on Hamilton illustrates an overlooked security weakness that could hamper the November election: the vulnerability of email systems in county offices that handle the voting process from registration to casting and counting ballots. Although experts have repeatedly warned state and local officials to follow best practices for computer security, numerous smaller locales like Hamilton appear to have taken few precautionary measures.
U.S. Department of Homeland Security officials have helped local governments in recent years to bolster their infrastructure, following Russian hacking attempts during the last presidential election. But desktop computers used each day in small rural counties to send routine emails, compose official documents or analyze spreadsheets can be easier targets, in part because those jurisdictions may not have the resources or know-how to update systems or afford security professionals familiar with the latest practices.
A ProPublica review of municipal government email systems in swing states found that dozens of them relied on homebrew setups or didn’t follow industry standards. Those protocols include encryption to ensure email passwords are secure and measures that confirm that people sending emails are who they purport to be. At least a dozen counties in battleground states didn’t use cloud-hosted email from firms like Google or Microsoft. While not a cure-all, such services improve protections against email hacks.