Last week, President Trump held a National Security Council Meeting to discuss election security. The meeting covered Russian interference and the overall state of the country’s election systems. Just the fact that this meeting was called is evidence of a problem and the realization that elections security vulnerabilities must be addressed.
Earlier this year, Congress passed and the President signed the Consolidated Appropriations Act of 2018. That statute includes $380 million in grant funding available to states for election security. While this funding amount is too small to address all problems, the appropriation is the first of its kind since 2010. A full list of funds distributed to each state can be found on the U.S. Election Commission Assistance website.
These funds are specifically earmarked for projects that replace voting equipment, implement post-election audit systems, upgrade computer systems, facilitate cybersecurity training and/or fund other activities that will improve election security in some other way.
While the bill appropriates funds, each state must contribute some matching funds. And, with midterm elections quickly approaching, many states are moving quickly to ramp up election security.
In the U.S., there is no national standard for election security. The Election Assistance Commission and the Department of Homeland Security offer some resources and guidelines but states are left to set their own standards. That, of course, results in no conformity and there are huge gaps in the country’s election networks.
In 2016, two-thirds of U.S. counties used voting machines that were more than a decade old. Many of those machines had outdated software and old operating systems. Thirteen states still cannot produce a paper trail and that leaves no way to audit the final results.
Last year, at the annual Defcon computer security conference, hackers were given a chance to see how quickly they could compromise voting machines. It took less than two hours for all systems being tested to be compromised by the hackers.
House Democrats have estimated that there is a need for $1.4 billion over the next decade to secure election systems. Top national intelligence officials have said all 50 states were most likely targeted in 2016 and the assumption is that all may be targeted again in 2018.
California was not one of the states whose systems were compromised in the 2016 elections but the state is taking steps to upgrade and secure its election systems. The state has provided $134 million for counties to use in modernizing voting systems. Fifteen counties have already purchased equipment while the remaining 43 are expected to purchase new systems in the very near future. The state also budgeted $3 million for the creation of an Office of Elections Cybersecurity and an Office of Enterprise Risk Management.
Pennsylvania was targeted in 2016. Officials note that, to the best of their knowledge, hackers were not successful. But, state leaders have said they will take no chances in 2018. A team of auditors is studying the state’s security protocol, the voter registration process, maintenance procedures and other system issues.
This month, the Federal Bureau of Investigation (FBI) informed the state of Maryland that the vendor responsible for managing the state’s voter registration, the entire election management system and the final election night results is financed by a fund managed by a Russian. The state was also advised that the fund’s top investor is a Russian oligarch. While the FBI had no proof of a data breach, state leaders decided to prepare for a potential new procurement.
The state of North Carolina plans to spend $7 million over the next two years to upgrade its election security systems. State funding will supplement $10.4 million in federal funding. Most of this revenue will be spent for modernization of the Statewide Elections Information Management System, which was built in-house 10 years ago. The system controls everything from voter registration to the display of final results on election night. An outside vendor will be sought to provide a new system.
Government officials are trying hard to secure election systems. Voters want to be assured that there will be no breaches…but that is quite a challenge in a world where cyberattacks are rampant and most voting systems were outdated years ago.