Federal Analysis Finds No Evidence of Cyberattack on Durham County Election in 2016 | Eastern North Carolina Now

Press Release:

    The following is a joint news release from the North Carolina State Board of Elections and Durham County Board of Elections:

    RALEIGH, N.C.     A months-long federal assessment of voter check-in computers used in the 2016 election in Durham County found no evidence of malware or unauthorized access to the county's systems.

    On Election Day, November 8, 2016, Durham County Board of Elections staff reported that the electronic pollbook laptops used to check voters in at polling places presented inaccurate data to poll workers in a small number of precincts. The inaccuracies included erroneously identifying voters as having already voted, identifying registered voters as unregistered, and prompting poll workers to ask voters to present an ID when IDs were not required to vote at that time. As a result, the State Board office required Durham County to use paper pollbooks when checking in voters. Voting ultimately resumed.

    The analysis by the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency's (CISA) Hunt and Incident Response Team (HIRT) was requested by the State Board of Elections and Durham County Board of Elections. Its findings support what state and county elections officials concluded during their own analyses - that a cybersecurity breach was not to blame for problems with the voter check-in process on November 8, 2016.

    CISA analyzed 24 laptops loaded with the electronic pollbook software EViD, which is used to check in voters at polling places. CISA also analyzed 21 USB drives used to load voter registration data onto laptops used by poll workers, as well as forensic images of the desktop computer used by Durham County Board of Elections employees who downloaded voter registration data from state servers and loaded it onto the USB activators.

    "HIRT did not positively identify any threat actors or malware on the (Durham County Board of Elections) systems provided for analysis," according to a DHS report of its analysis. "Additionally, HIRT did not identify remote access to the systems under analysis during the election timeframe."

    Specifically, CISA's assessment found:

• No evidence of malware on, or unauthorized access to, the 24 laptops.
• No evidence of malicious software on the USB activators.
• No evidence of malicious activity on the desktop computer.

    CISA's report, with redactions due to security and proprietary information, is available HERE.

    State Board investigators found that the issues were most likely the result of Durham County staff and poll worker error and unfamiliarity with the electronic pollbook functions, combined with a lack of adequate staff training and quality control by the EViD vendor, VR Systems.

    Durham County hired Protus3, a security consulting and investigative firm, to conduct a review of the events that occurred on Election Day in Durham County. Following its investigation, Protus3 determined that the issues that occurred during the 2016 general election were most likely caused by internal administrative error.

    In its report, CISA also provided recommendations to improve cybersecurity and protect against possible interference. Those recommendations have been redacted in accordance with N.C.G.S. § 132-1.7, which protects sensitive public security information. Redactions were made with guidance from State Board of Elections' legal team and cybersecurity staff and consultants, with the approval of CISA. Many of the recommendations provided by CISA are general and would apply to all county boards of elections in North Carolina. Durham County has many of the suggested infrastructure protection tools in place and is working on additional enhancements to its systems.

    For more on election security in North Carolina, go to ncsbe.gov/YourVoteCountsNC.

    Statement from Philip Lehman, chairman of the Durham County Board of Elections:

    "The CISA Report is compelling evidence that there were no cyberattacks impacting the 2016 election in Durham. As we have acknowledged, there was human error in the preparation of electronic poll books. Since that time, the Durham County Board of Elections has implemented additional training, security measures and staffing changes. Elections in 2017, 2018 and 2019 were conducted efficiently and accurately with no significant incidents."

    Statement from Karen Brinson Bell, executive director of the State Board of Elections:

    "When the problems with electronic pollbooks occurred, the county was able to switch to paper pollbooks to check in voters, and the election was completed without further incident.

    This issue highlights the importance of poll worker training by elections officials and the vendors whose products are used in North Carolina. Election security is an ongoing process, and the State Board will continue to work with the 100 county boards of elections and our state and federal government partners to improve security at every step in the voting process."

• Contact: Patrick Gannon
•     patrick.gannon@ncsbe.gov