Senators push for increased elections security
- By Sara Friedman
- Jul 11, 2018
To help protect the nation’s voting infrastructure, the Elections Assistance Commission is distributing $380 million in funding to states, while the Department of Homeland Security is conducting vulnerability scans on election equipment in at least 17 states. But some senators believe there’s much more that could be done to help secure elections.
“We want to put some processes in place to make sure that we’ve not forgotten the lessons from 2016,” Sen. James Lankford (R-Okla.) said in his testimony at a July 11 Senate rules committee hearing. “There are some basic things that could be done while still allowing the states to control their election structures and have flexibility on the type of election machines that they want to have.”
Lankford said he has worked with Sen. Amy Klobuchar (D-Minn.) to refine the Senate Elections Act -- a bill they first introduced in December 2017 to streamline cybersecurity information sharing between federal and state election agencies, provide security clearances to state election officials and provide resources for states to upgrade their election equipment. The two have held meetings with EAC and DHS officials and in April met with a bipartisan group of secretaries of state who shared their advice on what should be added to elections legislation.
At the same committee hearing, Sen. Ron Wyden (D-Ore.) discussed his elections bill, the Protecting American Votes and Elections Act of 2018, which was introduced in June.
“My legislation focuses on two common-sense measures that are backed by the overwhelming number of cybersecurity experts in our country: paper ballots and risk-limiting audits,” Wyden said. “I wrote the big voting machine companies asking basic questions about cybersecurity ... but the companies refused to answer how or even if they are protecting their systems and the votes of the American people.”
As of July 11, every state except Nevada has requested Help America Vote Act (HAVA) funds from the EAC that were made available in March as part of the omnibus spending package. EAC Commissioner Christy McCormick explained how some states are using their funding to improve their election security posture.
South Dakota is using the $3 million that it received to upgrade voting equipment including ballot marking devices and tabulators. The state is also making “crucial cybersecurity upgrades” to its state voter registration file and election night reporting website.
In New York, officials plan to use its $19.48 million to implement a state and local cybersecurity risk assessment program to identify vulnerabilities, monitor ongoing security operations and respond to incidents.
The West Virginia Secretary of State’s office created a plan for cyber and physical security assessments with its $3.6 million that will increase election system protections, bolster detection capabilities and prepare for corrective actions.
At the same time that the EAC is distributing the HAVA funds, it is also working with the National Institute of Standards and Technology on version 2.0 of the Voluntary Voting System Guidelines.
“As U.S. election infrastructure has evolved, so have its security concerns which today range from unauthorized attempts to access the voter registration systems of multiples states to errors or malicious software attacks,” NIST's Information Technology Laboratory Director Charles Romine said. “The guidelines address these evolving concerns including support for advanced auditing methods and support for two-factor authentication so security protections built by industry over the last decade are built into the voting system.”
Editor's note: This article was changed July 12 to correct the spelling of Charles Romine's name.
Sara Friedman is a reporter/producer for GCN, covering cloud, cybersecurity and a wide range of other public-sector IT topics.
Before joining GCN, Friedman was a reporter for Gambling Compliance, where she covered state issues related to casinos, lotteries and fantasy sports. She has also written for Communications Daily and Washington Internet Daily on state telecom and cloud computing. Friedman is a graduate of Ithaca College, where she studied journalism, politics and international communications.
Friedman can be contacted at email@example.com or follow her on Twitter @SaraEFriedman.
Click here for previous articles by Friedman.