Editorial: Connecticut cybersecurity plan is alarmingly lacking

 Local residents wait in line for their ballot at the Polk County Election office on the first day of early voting for the Iowa general election on Monday, Oct. 8 in Des Moines, Iowa. Connecticut Secretary of State Denise Merrill has recently announced a plan to combat cybersecurity issues with the election system. (Charlie Neibergall/AP)

Local residents wait in line for their ballot at the Polk County Election office on the first day of early voting for the Iowa general election on Monday, Oct. 8 in Des Moines, Iowa. Connecticut Secretary of State Denise Merrill has recently announced a plan to combat cybersecurity issues with the election system. (Charlie Neibergall/AP)

In response to reports that Russian agents scanned Connecticut’s voting registration system in 2016 (along with many other states), Connecticut has worked to form a task force dedicated to securing Connecticut’s elections from foreign influence. This past week, Connecticut Secretary of the State Denise Merrill has come back from said group to announce a $5 million plan to combat this problem.

The money for this plan comes not from Connecticut itself, but rather from a grant from the federal government that has been doled out to states all over the country. This plan comes to utilize those funds just in time for the 2018 midterm elections in the state.

While it is never a bad idea to audit and update cybersecurity procedures - especially with voting, a system notorious for being slow to catch up with the times - this work cannot help but feel incomplete. Of course, our cybersecurity protocols were shown to be deficient in 2016, but this plan fails to cover the entire scope of problems with that year’s elections.

Just as important to the country is the social engineering and manipulation that occurred in the 2016 elections and beyond as a concentrated effort to sow discord in America. It has been shown time and time again that Russian agents manipulated social media websites like Facebook, Twitter and Reddit to spread ideas related to the elections and social issues. It would be facile to deny that this has had an effect on both the outcomes of elections and the general state of public political discourse.

When these issues are ignored in favor of talking about cybersecurity, it feels like lip service from politicians. Cybersecurity is an easy, agreeable issue; of course, everyone wants elections to be more secure. Dealing with the social engineering is much more difficult. It requires reflection into the nature of the internet and social media. It requires approaching these large, international companies and laying down the law. It requires effort, and not just taxpayer money.

This situation is especially contentious given that it directly relates to the current administration in Washington, D.C. Strengthening cybersecurity is still easy to defend through this lens, but fighting social engineering calls into question many of the current groups in power (or at the very least their popularity). So, when Senator Richard Blumenthal speaks of the power of the state and federal governments working together for this project, it should give some pause. Cybersecurity is important to protect, but we must do more as a state to fight foreign influence in our elections than just throwing money at the problem.