Utah works with Homeland Security to test strength of state’s voter database

SALT LAKE CITY -- Utah took proactive measures to combat cyber hacks into its voter registration database ahead of the June 26 primary election.

The state's election office, which is run by the Lt. Governor's Office, used the Homeland Security Department’s offer to test the strength of Utah’s voter database.

“As a lot of people have heard, there has been different foreign actors and different groups that have been trying to penetrate or hack into different voting systems across the country,” said Justin Lee, Director of Elections for Utah.

Lee is referring to the federal officials confirming Russia hacked 21 states’ databases during 2016, including Utah neighbors Arizona and Colorado.

“When your neighbor’s house gets broken into, even if it’s not yours, you check the locks, you check the doors and make sure the alarm system is working; so it would be pretty ignorant if we didn’t do everything to make sure we are safe,” Lee said.

Local cyber security expert Neil Wyler believes the tests Homeland Security said they are doing to Utah’s database are a good proactive measure. They are carrying out penetration tests, or what Wyler calls “pen tests.”

“Pen testing is essentially when you get a team of folks together, and they have the skill set of the attackers, what should be skilled hackers—those individuals will go in and approach the system as if they were the hacker themselves,” Wyler said.

Wyler said he started hacking into computers when he was only 11 years old. After joining the United States Air Force and then leaving the service, he started his own cyber security company, which included penetration testing and consulting.

Now he runs the largest hacker (or cyber security) convention, called Def Con, in Las Vegas every summer; and he is a founder of 801 Labs in Salt Lake City, which is another cyber security company.

He addressed how Utah was not on the list of 21 states that Russia hacked into.

“That’s what makes the security portion of this very ethereal; you could say ‘Oh, well, we didn’t show up on that list, that’s great! that means we weren’t targeted’ or that means they just weren’t detected because they were good enough that they got past security because they didn’t notice we were there," he said.

Wyler said the challenge for people using pen testing is they only have the skills to combat the hacks they have seen other successful hackers use in the past, versus what may come.

Lee said he will never say the voter database system cannot be hacked; however, he is working with the Lieutenant Governor’s Office to make sure they take those preventable measures to keep working to protect Utah voters.

“We’d be naive to think that they are not going to try something new or something different," Lee said. "Just because we were safe once, we will always be safe in the future, isn’t the case."

In return for Utah using Homeland Security's tests, Utah is set to receive $400 million from the federal government for future cyber security.