The Department of Homeland Security’s CISA Hunt and Incident Response Team (HIRT) found no direct malicious activity affecting the ePollbook laptops used in certain Durham County, N.C., precincts during the 2016 election.
HIRT was asked by the Durham County Board of Elections to examine the ePollbook laptops after several reported inaccurate data to poll workers. The team’s report noted that while it could not conclusively identify any threat activity on the 24 ePollbooks it checked, HIRT found several areas where Durham’s Board of Elections needs to bolster its security practices.
HIRT also looked at 21 USB activators, 10 hard drives and disk images of the desktop computer used to load voter registration information onto the USB activators.
“HIRT did not positively identify any threat actors or malware on the DCBoE systems provided for analysis. Additionally, HIRT did not identify any remote access to the systems under analysis during the election timeframe. HIRT did identify several areas where defense-in-depth protections and system configurations could be improved to help DCBoE reduce risk of compromise in the future,” the HIRT report stated.
The specific recommendations made in the 12-page report were redacted, but a few general suggestions were left in the clear. First, the county needs to properly implement defensive techniques and programs to enter and remain on their network. Secondly, any unknown activity should trigger detection and prevention mechanisms so the intrusion can be contained.