Senator presses White House to improve election cyber protections

Ron Wyden

Sen. Ron Wyden (D-Wash.)

On the day that a special election in Alabama captured national attention, Sen. Ron Wyden (D-Ore.) sent a letter urging National Security Advisor H.R. McMaster to take additional steps to secure the nation’s election infrastructure and provide support to state and local governments ahead of next year's mid-term elections.

Specifically, Wyden asked McMaster to designate a senior White House election security czar to brief Congress of executive branch election security efforts, direct the National Institute for Standards and Technology and the Department of Homeland Security to grade states on their election infrastructure and designate political campaigns as critical infrastructure. Wyden, who has been one of Congress' most vocal advocates of increased election security, also is asking that the U.S. Secret Service expand its presidential candidate security detail to include cybersecurity.

In the Dec. 12 letter, Wyden noted that 14 states still use direct-recording electronic, or DRE, voting machines that don’t allow for paper-based election audits and rely on outdated operating systems with known vulnerabilities.

“While some states have taken the threats seriously, others are seriously lagging behind and remain woefully vulnerable to foreign government cyberattacks,” Wyden wrote. “As such, the federal government must take action: leaving federal election cybersecurity to the states is irresponsible and a total abdication of the federal government’s primary role in matters of national security.”

Legislators have been pushing for the executive branch to take a more proactive role in securing the nation’s election systems and infrastructure. In October 2017, Attorney General Jeff Sessions told the Senate Judiciary Committee that the Justice Department had not taken any formal steps to adequately prevent foreign meddling in elections. He echoed those comments in November 2017, telling the House Judiciary Committee, “we are not anywhere near where I would like us to be” in updating laws to protect election security, but he later acknowledged he had yet to look into the matter to “see where we are on that.”

Such answers concern Wyden.

“Attorney General Sessions’ testimony suggests that the Administration is not taking this issue seriously or dedicating sufficient resources to fixing it,” Wyden wrote. “That must change. ”

During Dec. 13 testimony on Capitol Hill, Deputy Attorney General Rod Rosenstein did not directly answer whether the DOJ had ordered any review of election security laws. Instead, Rosenstein said the department “has a lot of ongoing work related to protection of elections,” and cited meetings with FBI Director Christopher Wray and staff to discuss the issue.

As the topic of election security has gained prominence over the past year, an underlying debate has cropped up around whether cybersecurity of election infrastructure and cybersecurity efforts should be led by the federal government or states and localities. Section four of the U.S. Constitution gives somewhat contradictory guidance, explicitly vesting states with authority over “the times, places and manner of holding elections” but also specifying that “Congress may at any time make or alter such regulations.”

In practice, the federal government historically has left states and localities to run their own elections, with limited exceptions related to equal protection under the 14th Amendment. Powerful members of Congress have telegraphed little desire to alter that balance of power, and states have reacted harshly to federal overreach on their turf in the past. There also are questions about the federal government’s ability to effectively manage an election system that is fragmented and spread across more than 8,000 different jurisdictions.

However, others have argued that state and local governments lack the funding, resources, threat intelligence and qualified personnel to adequately defend their infrastructure against sophisticated cyber attacks carried out by nation-states hacking groups. Joe Kiniry, CEO of the election systems and services company Free and Fair, said he believes the federal government has ultimate authority to stipulate how elections are run.

“Imagine if we had this same conversation about federal cybersecurity standards for national security, ” Kiniry said.  “Do we really think that New Hampshire can certify equipment for national security for systems that run in that state?”

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.