Fellow Supervisors et al.,
By now I’m sure you’ve read the numerous reports of the recently leaked NSA report on Russian Hacking and hopefully you have taken the time to read the statement released by VR Systems. First, I want to remind you that contrary to the headline of many of the published reports, there has not been a verified report of any “hacking of US voting system.”
As VR stated, these news reports detail an attempt to gain information through the use of Phishing (The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.) or Spear Phishing (The fraudulent practice of sending emails ostensibly from a known or trusted sender in order to induce targeted individuals to reveal confidential information.) and highlights the fact “that none of VR systems products perform the function of ballot marking, or tabulation of marked ballots.” However, there is a very important lesson to be learned from this event; the importance of the use of enterprise grade Antivirus, email SPAM filtering. It is also vitally important to routinely apply the latest patch or updates to ensure the greatest threat protection available. I cannot stress this too much, as our office receives thousands of fraudulent phishing and spam emails daily, which could cripple our organization without the use of these email resources.
In Summary, I would like to quote a recent blog entry by Mike Ertel, Seminole County Supervisor of Elections.
“2016 Debunk the Bunk (long, but important epilogue): You will be reading news reports today of a purported attempt to access Florida voter registration records by the Russian military. A couple of core facts about this story:
1) Florida voter registrations are public records. Anyone can get them by simply asking their local elections office.
2) The data and physical security measures our office employs for our technology infrastructure are top-notch. We have dug a cyber moat around the data so we can ensure access of sensitive information and systems by only those granted access.
3) We were aware of the cited phishing email the very moment it happened and took measures to ensure we were not impacted.
4) Like everyone who uses email, we are subject to dozens of phishing email scams daily -- we're sophisticated enough to catch them.
5) Important: Even if the bad guys would have accessed our local registration files (which they didn't), those files are in no way connected to vote counting.
6) I've said it hundreds of times, "you can't hack paper." Seminole County votes on trusted paper ballots.
7) In summation: Our election was not hacked by Russians. This whole exercise, however, does highlight two vital tenants of our republic: Elections are best run in our decentralized manner, allowing a greater obstacle for shenanigans; and competent, savvy, independent and principled elections administrators are looking out for you.
8) Like I always close... if anyone is trying to scare you into thinking your legitimate vote won't (or didn't) count, contact your local elections administrator.”
Please do not hesitate to contact me with any questions you might have on this report. I look forward to seeing each of you soon!
Chris H. Chambless, CERA, MFCEP
Supervisor of Elections