COLUMBIA — The nearly 150,000 unsuccessful attempts to gain access to South Carolina’s voting system do not indicate there were that many “hackers” trying to get information on Election Day last year, according to the agency tasked with running the state’s elections.
The State Election Commission has repeatedly said there is no evidence that attempts to penetrate the system were successful and none of the attempts originated in Russia.
According to a letter filed with a House Legislative Oversight Committee panel this Spring, there were 149,832 attempts to get through the firewall for the state’s voter registration system on Nov. 8, 2016.
Executive Director Marci Andino stressed that while the amount of attempts seem high, the number doesn’t tell the whole story.
“Firewalls filter Internet traffic and block everything that is not specifically allowed,” she said. “The failed attempts show the firewall is working to protect the voter registration database from unauthorized access.”
Andino said the system classifies issues such as accessing scvotes.org through Windows XP or incorrectly entering information when looking for a polling place as a “rejected attempt.”
“It’s not always hacking,” she said. “It’s bad traffic attempts to access the system.”
Andino on Monday wasn’t able to provide information on what percentage of attempts were “bad traffic” versus legitimate attempts to hack information.
Of the malicious attempts to access the system, some were from the United States and some were from abroad. She also on Monday did not know which countries tried to access information.
The House panel tasked with overseeing the election commission asked in April for the number of attempts to penetrate the system. Clemson Republican Rep. Gary Clary, who chairs the committee, said nothing in the report was alarming when lawmakers discussed it with the commission.
“We were aware that they were receiving hits,” Clary said. “I didn’t get the impression that there was 150,000 attempted hacks or invasions where they knew that people were trying to get into the system.
“I thought they were proactive, but once again you always want to ensure that you’re doing exactly what is required to ensure that our system remains safe,” he said.
Andino said the agency does not have data about attempts to access the system before last November’s election, but said the website always gets more visitors during presidential elections.
“If you look at number of hits or the bad traffic, it would make sense that they both would spike on Election Day,” she said.
Risks to election systems across the country have come into public view in recent months, with federal homeland security officials last month saying they found evidence that Russian hackers targeted 21 states. Federal officials did not tell lawmakers which states were impacted.
The election commission provided the panel with information about unsuccessful attempts to get behind the website’s firewall for the second Tuesday in every month from November to April. While the highest documented attempt was in November, there also were 113,372 failed attempts in December. The lowest reported number of attempts was 41,420 in February.
Chairmen for both the state’s Republican and Democratic parties said they have full faith in the state’s election system.
“What’s most important is our ballots are (accurately tallied),” S.C. GOP Chairman Drew McKissick said. “I don’t believe this in anyway had an impact on that.”
Tom Scott, with University of South Carolina-run SC Cyber, said while its concerning that there may have been a large number of legitimate attempts to hack into the state’s system on Election Day, those types of attempts occur daily.
“I think that voters should feel confident that their government officials are working diligently to ensure safe and secure elections,” he said. “But the additional challenge in the state of South Carolina is the idea of home rule.”
“Home rule” places the power with local entities to best determine how to govern.
“The elections process, while governed and supervised an maybe even monitored at a state level, those all happen locally,” Scott said. “So it really becomes incumbent on county election leadership to ensure that their systems are safe.”
But regardless how much state and local elections officials bolster cybersecurity, there will always be concerns, Scott said.
“You’re always going to have attempts,” he said. “Bad people are going to continue to do bad things no matter what. But the good people have always got to be working (to keep information safe).”