Senate Dems look to shore up voting security

The Protecting Americans Votes and Elections Act sponsored by six Senate Democrats looks to limit digital ballot uncertainty by requiring paper ballots for all federal elections.

The bill, introduced by Oregon Democrat Sen. Ron Wyden and five cosponsors, would require states and municipalities to use paper ballots and "risk-limiting" audits in federal elections.

"Leaving the fate of America's democracy up to hackable election machines is like leaving your front door open, unlocked and putting up a sign that says 'out of town,'" Wyden said in a statement. "It's not a question of if bad guys get in, it's just a question of when."

Wyden is a longtime critic of the cybersecurity standards at electronic voting machine vendors. Late last year he quizzed five voting equipment vendors about their security posture and found that three of the five did not employ a chief information security officer.

Separately, the Senate sponsors of the Secure Elections Act, a bipartisan bill that gives the Department of Homeland Security the green light to share threat information with state officials and authorizes security clearances for appropriate state election officials, offered their legislation to the Senate defense bill, currently under consideration.

Because of the perceived need for DHS to work with states and local governments on election security, the $382 million in grant funding initially called for in the Secure Elections Act was enacted in the omnibus spending bill in March.

The disposition of those funds was part of the discussion at a June 12 Senate Judiciary Committee hearing.

Two weeks ago, at the request of the Elections Government Coordinating Council, the National Protection and Programs Directorate released guidance on what states and localities should do with their share of the funding, said Matt Masterson, NPPD senior cybersecurity advisor, during a June 12 Senate Judiciary Committee hearing.

"We focused first on common IT vulnerabilities that exist across elections -- things like patching, training for phishing campaigns as well as manpower," Masterson said.

Long-term suggestions included looking into the overall resilience of election systems, ensuring auditability and defensibility through long-term investments and training local officials in cybersecurity.

The NPPD is working directly with state and local officials across the country to help them improve their elections infrastructure. Part of this process involves providing states with free resources such as vulnerability scans and training.

Seventeen states have received the results of such vulnerability scans, Masterson said, and those results showed that the elections sector is no different from others when it comes to cybersecurity.

"With the elections infrastructure, we are seeing the same vulnerabilities across IT systems…maintenance, software updates, updating equipment and hardware and general upgrades that need to take place, as well as configuration management to limit the amount of damage that can be done," he said.

In addition, the NPPD is providing federal security clearances to three election officials in each state so that DHS can keep states more fully updated on election threats.

The Department of Justice is also working to address interference with elections. Adam Hickey, deputy assistant attorney general in the National Security Division, said a report from the Cyber-Digital Task Force on foreign threats to elections is due to the attorney general in June and will be made public in mid-July.

A version of this article originally appeared in FCW's sibling publication GCN.