|
| | SR0093 | | LRB100 08915 MST 19058 r |
|
|
| 1 | | SENATE RESOLUTION
|
| 2 | | WHEREAS, Our national and State security should not be |
| 3 | | undermined
by the concerted efforts of foreign actors with the |
| 4 | | goal of
compromising our democratic ideals; and
|
| 5 | | WHEREAS, In July of 2016, the Illinois Board of Elections |
| 6 | | was the target of a cyber-attack of unknown foreign origin |
| 7 | | which targeted the
Illinois Voter Registration System |
| 8 | | Database; and
|
| 9 | | WHEREAS, On July 12, 2016, the IT staff at Illinois Board |
| 10 | | of Elections was made aware of performance issues with the |
| 11 | | Illinois Voter
Registration System (IVRS) database server, and |
| 12 | | processor usage had
spiked to 100% with no explanation; and
|
| 13 | | WHEREAS, Analysis of server logs revealed that the spike in |
| 14 | | usage
was a result of rapidly repeated database queries on the |
| 15 | | application
status page of the Paperless Online Voter |
| 16 | | Application (POVA) web site; and
|
| 17 | | WHEREAS, Additionally, Illinois State Board of Elections |
| 18 | | server
logs showed the database queries were a malicious form |
| 19 | | of cyber-attack
known as SQL Injection, which are unauthorized, |
| 20 | | malicious database
queries entered in a data field in a web |
| 21 | | application; and
|
|
| | SR0093 | - 2 - | LRB100 08915 MST 19058 r |
|
|
| 1 | | WHEREAS, Further analysis of the web server logs showed |
| 2 | | that
malicious SQL queries began on June 23, 2016, and that |
| 3 | | malicious
traffic from the IP addresses continued, though it |
| 4 | | was blocked at the
firewall level; and
|
| 5 | | WHEREAS, Firewall monitoring indicated that the attackers |
| 6 | | were
hitting the Illinois State Board of Elections IP addresses |
| 7 | | five times per
second, 24 hours per day; and
|
| 8 | | WHEREAS, Investigations of the attack concluded Illinois |
| 9 | | Voter
Registration System passwords were compromised, and |
| 10 | | passwords included those of election authorities, their |
| 11 | | staffs, internal Illinois State
Board of Election users, |
| 12 | | vendors, and web services; and
|
| 13 | | WHEREAS, The intelligence community has described these
|
| 14 | | individuals or actors as part of foreign entities, namely |
| 15 | | Russia,
intent on boosting one candidate over the other; and
|
| 16 | | WHEREAS, Aggressive actions contrary to American interests |
| 17 | | that
foster political chaos and institutional mistrust in our |
| 18 | | democratic
values must be thoroughly repudiated; and
|
| 19 | | WHEREAS, The American public also needs assurance that law |
| 20 | | enforcement is
actively investigating these matters, and if |
|
| | SR0093 | - 3 - | LRB100 08915 MST 19058 r |
|
|
| 1 | | further investigation
finds evidence that foreign actors |
| 2 | | perpetrated or directed such acts,
appropriate criminal |
| 3 | | charges and sanctions will be announced and
enforced; |
| 4 | | therefore, be it
|
| 5 | | RESOLVED, BY THE SENATE OF THE ONE HUNDREDTH GENERAL |
| 6 | | ASSEMBLY OF THE STATE OF ILLINOIS, that we denounce any threats |
| 7 | | by Russia or any other
foreign actors who seek to interfere |
| 8 | | with the sanctity of our
democratic process; and be it further
|
| 9 | | RESOLVED, That such an attack on the United States of |
| 10 | | America and
the State of Illinois must not go undisclosed, and |
| 11 | | that we urge that the Illinois State Board of Elections produce |
| 12 | | a
final comprehensive report outlining the nature of breach, an |
| 13 | | audit of
their IT systems, and that they enact preventative |
| 14 | | measures to ensure
that such cyber interference never occurs |
| 15 | | again; and be it further
|
| 16 | | RESOLVED, That a suitable copy of this resolution be |
| 17 | | delivered to Steve Sandvoss, Executive Director of the Illinois |
| 18 | | State Board of Elections.
|