SANTA FE, N.M. -- Beware the phishing attempts.
An election security official with the U.S. Department of Homeland Security on Tuesday warned top state election officials nationwide to safeguard against fraudulent emails targeting state and local election workers.
The emails appear as if they come from a legitimate source and contain links that, if clicked, can open up election data systems to manipulation or attacks.
Geoff Hale, director of the department's Election Security Initiative, told a gathering of secretaries of state that the nation's decentralized voting systems remain especially vulnerable to emails that can trick unsuspecting workers into providing access to elections databases.
"We know that phishing is how a significant number of state and local government networks become exploited," Hale told scores of secretaries of state gathered in the New Mexico capital city. "Understanding your organization's susceptibility to phishing is one of the biggest things you can do."
Email phishing schemes haunted the electoral landscape in 2016. Hillary Clinton's 2016 campaign chairman, John Podesta, fell for trick emails on his personal account, allowing Russians to steal thousands of messages about the inner workings of the campaign. Targeted phishing emails also allowed Russians to gain access to the Democratic Congressional Campaign Committee's networks and eventually exploited that to gain entry to the Democratic National Committee.
In the run-up to the 2020 vote, Iowa Secretary of State Paul Pate, a Republican, is calling phishing the No. 1 concern when it comes to securing election-related computer systems in his state.
Iowa's 100 county political subdivisions make the threat especially challenging. He said his fear is that phishing emails may target overlooked public employees who don't have adequate training.
"If they get into the courthouse, they can then get into the county auditor, which is our elections folks — and that's not a good thing," Pate said.
Pate's agency is fighting back with two-factor identification requirements for anyone accessing state voter systems, and mandatory annual cyber-security training sessions.
Phishing threats lay bare the difficulties of guarding election systems across large rural expanses. New Mexico Democratic Secretary of State Maggie Toulouse Oliver says new federal funding is needed to bolster cyber security in counties that are too small to hire information technology specialists. There are seven counties in the state with fewer than 5,000 residents; Harding County is home to about 700.
State election chiefs gathered in Santa Fe for the first time since the release of special counsel Robert Mueller's report documenting Russian meddling in the 2016 election.
California's Secretary of State Alex Padilla said he, too, is concerned about so-called soft cybersecurity threats, beyond voting equipment or software, such as predatory phishing for security weaknesses among election workers.
"You can read the Mueller report on what the most effective strategies were that the Russians engaged in, and most cyber experts will tell you that it's still phishing attempts that are rampant," he said.