An audit is criticizing cybersecurity practices at the Illinois State Board of Elections, but the board is taking issue with some of the findings.
The audit criticizes the board for not doing enough to reduce the risk of a hack, and for not having cybersecurity training when new people are hired and every year after that.
But spokesman Matt Dietrich says elections personnel are “very well trained.”
“We all have cybersecurity training here and safe data handling training here, and we have reminders everywhere throughout this office about the dangers of something as simple as clicking on a bad link in an email,” Dietrich says.
He also says the board has “robust” security measures in place, and has created a "cyber navigator" program to assist local election officials with improving cybersecurity.
“In the last two years alone, we have added four new staff members who are devoted strictly to cybersecurity,” Dietrich says.
All this comes after the Russian military hacked the board’s statewide voter registration database in 2016, downloading information on tens of thousands of voters.
There were two other audit findings the board did accept: that it needs to classify data based on which is the most susceptible to attack, and to come up with formal cybersecurity policies.