Montana lawmakers described the compounding challenges of cybersecurity in a training session Wednesday for state officials and legislators.
The training was hosted by the National Cybersecurity Center, a nonprofit who, among other objectives, sets out to raise awareness and arm state lawmakers with smarter cybersecurity practices. The training session on Wednesday covered phishing, passwords, encryptions and more.
The panel discussion ahead of the training included the state's Chief Information Security Officer Andy Hanks, Rep. Ken Holmlund, R-Miles City, and Sen. JP Pomnichowski, D-Missoula.
Geraldine Custer, a Republican Rep. from Forsyth and the longtime clerk and recorder for Rosebud County, asked about election security; officials have turned up no voter fraud and yet the rumor continues in Montana, she said.
Hanks said the state focused on technical security efforts in the 2016 elections, and what they learned then was later put into practice in later cycles with greater communication between the federal government and down to local officials. With technical interference attempts effectively foiled, "bad actors" pivoted to undermining public confidence, he said.
"The biggest challenge we saw in the most recent election was misinformation and disinformation campaigns from foreign states," Hanks said. "Democracy can be eroded by information that's casting doubt on the validity of the elections. This is a problem I work on every day."
Both lawmakers said awareness of the issue has led to some hesitancy in adequate funding to protect the state's data. Holmlund said other elected officials described funding cybersecurity as pouring money into a "black hole."
"Cybersecurity is not an expense, it's an investment," he said. "We do have some challenges in the Legislature to get some people convinced that this is money well spent."
Pomnichowski said lawmakers themselves are especially vulnerable because of how much information they put out into the public arena as state officials or candidates. She said lawmakers receive hundreds of emails a day during the session, and phishing attempts can easily be lost in the mix.
New technology also provides new opportunities for hackers, Pomnichowski told the group, but those who use new tech get savvier along the way, too. One way to be proactive is through reverse engineering, where companies try searching for vulnerabilities before hackers do.
"There's always more to be done, but we've had some pretty great successes and stopped attacks like that," she said.