Many states and localities don’t have the resources to upgrade and protect their election systems from malicious cyber intrusion, and the Federal government should work to provide them with those resources, according to a recent Brennan Center report on election cybersecurity.
“Election officials in the majority of states have told the Brennan Center that they would like to replace this equipment soon, but most do not have the money to do so. Finding the money is crucial, as is adequately funding the [Election Assistance Commission] to guide the development of the next generation of voting machines, continue publishing information about problems with existing machines, and help local election officials with their plans to purchase new equipment,” the report said. “While states and counties run our elections, the federal government and Congress have a critical role to play through funding and setting standards. All levels of government must be involved in securing our elections.”
According to the report, 42 states use systems that are 10 or more years old, close to or past the end of those machines’ life spans. In addition, paperless machines, which do not provide an auditable trail of votes in the event of tampering, are still in use in 14 states. The report estimates that replacing these machines should cost $130 million to $400 million.
“As the authors explain, much has been done to secure these systems in the last few years. But hackers have grown increasingly sophisticated in this time as well. And the state and local elections officials who are custodians of our election infrastructure often operate with highly constrained resources,” R. James Woolsey, former director of Central Intelligence, said in the report’s foreword.
The report applauded recent Federal legislation that focused on the specific needs of state and local election systems.
“The best legislative solutions may mimic already existing bipartisan bills to address cybersecurity issues, such as the State Cyber Resiliency Act, a bill introduced in March in the Senate by Senators [Mark] Warner, D-Va., and [Cory] Gardner, R-Colo., and in the House by Representatives [Derek] Kilmer, D-Wash., and [Barbara] Comstock, R-Va.,” the report said. “That bill requires the Federal Emergency Management Agency and DHS to work with state and local governments in administering and awarding State Cyber Resiliency Grants to protect critical infrastructure, based on the needs in those states. That is a good start. Our election infrastructure could benefit from an even more narrowly tailored program of grants that aims to provide money for the kinds of measures discussed in this report.”
The report lists four important security recommendations for state and local governments, as well as their Federal partners, to prioritize: replace antiquated voting machines with new auditable systems, conduct audits of paper ballots or the voter verified paper record, complete a full assessment of threats to voter registration systems, and upgrade and replace IT infrastructure, including databases.
“These are common-sense solutions that will increase security and public confidence in the integrity of our system. Importantly, they will do so without interfering with the right of any eligible citizen to participate in the choice of who will govern the nation,” said Woolsey.
The report also emphasized the importance of conducting regular security testing of and updates to voter registration databases, as attacks on these systems could cause people to be prohibited from voting or the public to lose trust in the election system.
“Going forward, election professionals and independent researchers in the election field would do well to devote more resources to studying the security of state voter registries,” the report said.