A portion of the international news spotlight fell on Georgia this week and the case of a young national-security contractor who leaked a top-secret report to a little-known news outlet having to do with Russian hackers and the last election. This is noteworthy for us for several reasons.
First, it is an ignominious way for the world to recognize Georgia’s growing role in cybersecurity. Fort Gordon near Augusta is the new home of the U.S. Army’s Cyber Command and a branch facility of the National Security Agency that contracted with the company employing the alleged leaker.
The state is establishing a cybersecurity research center at Georgia Tech, near the headquarters of some of the private sector’s most successful digital-security firms and the country’s major hub of financial transaction processing. Stories from here like this one are likely to become less infrequent.
The Peach State is at the center of this story because it is now at the center of cybersecurity.
Ironically, it was human action, not a breach in cybersecurity, that led to the leak of the memo. And in the memo, the NSA recounts how it believes Russian hackers sought to exploit other human weaknesses to get deeper into local election systems.
There is another reason Georgians have an interest in this story, besides the fact that it happened in our backyard. That is because our state makes the most use of electronic voting.
After our neighbor Florida became red faced over the saga of hanging chads during the vote count for the 2000 presidential election, Georgia Secretary of State Cathy Cox convinced the legislature to fund the $54 million statewide implementation of electronic voting, the first in the nation to do so. As predicted, it did result in dramatically quicker election returns, to the appreciation of journalists and politicos who can now get to bed sooner on election nights.
However, ever since, Georgia’s system has been the regular subject of warnings from critics alleging inherent vulnerability to hacking. But since the machines are never connected to the internet, any concerted effort to tilt the vote count would take the cooperation of hundreds of local election officials.
The leaked NSA report, according to the published accounts, showed that the hackers targeted a Florida company. It doesn’t manufacture voting machines but rather the application that makes voter rolls available online to local poll workers in seven states, but not Georgia. The hackers sent “spear phishing” emails to users of those databases trying to fool them into revealing passwords, and NSA thinks at least one fell for it.
In the end, the vote count wasn’t questioned in any of those seven states after November’s election.
So, while Georgians are chagrined over being the site of the leak, we can breathe a little easier knowing our votes were not compromised. The challenge for leaders at all levels is to ensure that their workers and contractors maintain system integrity by not inadvertently divulging passwords or by intentional disclosure.