Bill Ekblad spent nearly three decades as a naval cryptologist, working from ships and planes stationed in the Middle East and Germany to fight cyberattacks coming from around the world.
Now, the Minnesota native is back home and facing a uniquely tall order. Ekblad is the state's first "cybernavigator," hired by the secretary of state's office to help local election workers guard against an increasingly expanding set of threats, from disinformation campaigns to foreign actors trying to penetrate election networks.
"It's a tale of surprises: I mean, I think that nobody really saw realistically the potential for foreign adversaries to meddle in elections prior to 2016," Ekblad said in an interview from his office near the State Capitol. "And then in 2018, the game changed. It became less about the hard computer network operations and more about the soft skills of influence and hacking the mind of the voter."
Ekblad, hired through a federal election security grant, is now drawing on that history to pose a new question to the scores of local officials in Minnesota's 87 counties who are in charge of running this year's elections:
"Why do we think 2020 will be something predictable?"
He is barely two months on the job, and his question will prove pivotal in confronting the types of threats posed by foreign hackers and domestic operatives seeking to undo voter confidence.
U.S. Senate intelligence officials, still assessing the foreign attacks on the 2016 election, concluded last year that all 50 states' election systems were targeted by Russian hackers. The hackers were able to penetrate systems in Illinois and Florida. Meanwhile, Minnesota's use of paper ballots is viewed by election security experts as a key defense against electronic attempts to change vote totals.
But disinformation, or the ability to sow discord through false or misleading social media posts, is becoming more of a concern to Ekblad and county-level election workers.
"There's all types of things that we do from an administrative standpoint to guarantee the security of our elections," said Deborah Erickson, administrative services director for Crow Wing County. "But if the voter confidence isn't there, that's where some of that danger can come into play."
States are adding cybernavigators like Ekblad in concert with the U.S. Department of Homeland Security, which has worked with states to coordinate responses to the 2016 election attack. The navigators act as liaisons to local officials like Erickson, who must juggle other responsibilities and may not always have access to cybersecurity tools. Only nine counties in Minnesota have full-time staff dedicated to running elections.
Ekblad said he has established connections with officials responsible for running elections and IT support in each county, a vital task because each office represents a possible entry point into the statewide voter registration system that houses a trove of private information on more than 3 million registered voters in the state.
"We're depending upon those counties to uphold their end of the deal on security," Ekblad said. "And so part of that is communicating with them, communicating the expectations. But ... a lot of them are sort of minimally aware of the risk that they represent if they're not maintaining the standards that need to be maintained."
Ekblad is now leading weekly briefings and regular e-mail blasts outlining the latest information on election security shared by the federal intelligence community. That includes ensuring counties use two-factor authentication to access the voter database and regularly updating Facebook and Twitter feeds that may spread false information about election days, polling places and voting hours.
In April, Ekblad plans to lead a statewide "tabletop exercise" that will pair election workers from across the state with federal officials to practice responses to hypothetical disasters.
Counties "have a go-to resource in my office and are able to say, 'I don't know what I'm seeing here, what should I do?' " Ekblad said. "Just to truly help them navigate the system is really what this position is designed to do."
In Illinois, where Russian hackers breached the state's voter database, there are now nine cybernavigators to fan out across the state to help election officials find and fix vulnerabilities.
Neil Herron, a cybersecurity manager for the Illinois State Board of Elections, also has a background in naval cryptology. He believes the original 2016 Russian attack suggested that hackers sought to diminish voter confidence as much as influence the final vote. Herron points out that hackers were in the system for three weeks before being detected after setting off unusual spikes in activity.
"They weren't able to get anything useful" from the database, Herron said. "So they shifted over to the propaganda aspect which is: Get loud. This has to be talked about because the biggest thing that they're shooting for is the division of American politics."
He added: "It's easier to hack the voter than it is to hack the vote."
Erickson said she would like to see Minnesota enlarge its cybernavigator program. That could be underway, with the Secretary of State's office poised to receive an additional round of federal election security funding — pending legislative approval.
For his part, Ekblad describes his job as a "wish list of functions." Colleagues have told him he either has to be "Superman or crazy to want to take all that on."
"It's probably a little bit more of the latter," he said. "But the bottom line is it was kind of built to be something that we grow and expand our way into as we understand this lane better."
