SALT LAKE CITY — Their opponents show up as lines of code on a computer screen, but they come in hordes numbering in the hundreds of millions.
On Tuesday evening, the multiagency experts at the Utah Cyber Center were successfully thwarting all attempts to intrude into state systems and none came anywhere close to impacting Utah's election apparatus, which now operates almost entirely in isolation from any internet or digital access.
That outcome, according to the man at the top of the election hierarchy, Lt. Gov. Spencer Cox, is the fruition of planning and preparation that began many months ago.
"(Cybersecurity) has been a huge priority for the state of Utah for several years," Cox said. "The Department of Homeland Security and the FBI would tell you we were one of the first states to start coordinating with the federal government on digital security issues. And, for the last year … this has been our No. 1 priority."
Tuesday night's contingency of cybersecurity experts monitoring digital traffic at the Capitol included staffers who work full time to keep Utah government digital assets safe, as well as representatives from the Utah Department of Public Safety and the U.S. Department of Homeland Security.
The team was also connected with the Multi-State Information Sharing and Analysis Center, a national organization that provides real-time communications about digital threats and activities aimed at government agencies in all 50 states.
That system of partnerships was paying dividends on Election Day as Utah Department of Technology Services Information Security officer Phil Bates explained that a heads-up earlier on Tuesday about an issue that arose in Arizona gave Utah technicians time to take evasive maneuvers.
"Already today we had some attacks occurring in Arizona and we were able to put blocks in case they came to us," Bates said. "And, they did try to hit us."
Bates said while the state has had its own digital security task force in operation for four years, the cybersecurity center was established in the last year to provide a command headquarters for the team.
Bates noted the volume of computer traffic aimed at either scanning for system vulnerabilities and/or attempting intrusion has risen dramatically since the last election cycle and in the weeks leading up Election Day 2018, his team was monitoring 600 million to 700 million incidents per day.
Bates explained those figures are actually well below actual nefarious traffic as the state has instigated some geographic blocking to keep the volume manageable.
"When we start getting over 1 billion a day, it's hard for our tools to ingest that information," Bates said. "We've started geographically blocking and have blocked several countries to get down to 600 million-700 million."
While Bates declined to identify which countries were being blocked, China and Russia have been the geographic source of a large volume of scanning and intrusion attempts in Utah and across the country. Without the blocking, Bates said the volume of traffic from bad actors would likely be in the neighborhood of 1.2 billion incidents per day.
The 1 billion cyber incidents-per-day plateau was reached in Utah for the first time before this cycle's primary election in June. Cox said he alerted his election team on the day it became evident one high-profile candidate on Utah ballots was likely to be a game-changer for the state's cybersecurity challenges.
"I can tell you we sat down, my team and I sat down … the day that Mitt Romney announced that he was running," Cox said. "We realized that day that this was different, that this was a game changer. Because, you had a former presidential candidate who was very outspoken when it came to Russia, specifically the Russian threat.
"We'd been kind of a low-profile state when it comes to elections and now suddenly we're very high profile."
While Romney's election presence likely upped the ante for Utah, the state's Election Director Justin Lee noted that every voting jurisdiction in the country was seeing an immense increase in the volume of digital security incidents.
"It's not just us," Lee said. "Anyone running a public website is getting attacked on a regular basis, and the volumes have been on the rise for years.
"As elections get closer, the levels go up."
While the volume of incidents created by would-be cyber malefactors is massive, the functional reality, according to Lee, is that the most critical election systems are completely isolated from the internet.Comment on this story
Lee explained to the Deseret News that equipment used to process and count cast votes, most of which are now of the mail-in variety in Utah, are "closed loop" systems that are not, at any time, connected to the internet or digital networks that can be accessed from the outside. Bates noted that while breaching voting machines has become a spectator sport at various hack-a-thon events held around the country, those are typically out-of-date machines and require a wholesale deconstruction to gain access.
Lee noted Utah was the recipient of $4.1 million this year via the federal Helping America Vote Act. That funding, plus a $250,000 state matching contribution, was parsed to provide a $1.9 million fund for county clerks to upgrade electronic voting machines, $300,000 to enhance state web security and $2.9 million to revamp the state administered voter registration database, which is the only significant digital election asset that is actually accessible via the internet.