Under the terms of the omnibus spending bill voted on by the House, states will receive $380 million within months to start to strengthen the security of our nation’s election infrastructure. This near-term funding is the product of tireless work by members of both parties, and a critical acknowledgment from Congress that protecting our elections is a matter of national security. States can use the funding immediately to begin deploying paper ballots, post-election audits, and other essential cybersecurity improvements. However, the new funding is only a first step, as many in Congress have acknowledged, and further Congressional action will be necessary in order to ensure that future elections are secure.
Most significantly, the omnibus funding as allocated to the states under the Help America Vote Act (HAVA) will not be enough for some states to replace their insecure voting machines. Because paperless electronic voting systems are highly vulnerable to cyberattacks, it is urgent that those systems be replaced as soon as possible, as the Senate Select Committee on Intelligence (SSCI) recommended earlier this week. Until this is done, it will be impossible to ensure that election results as reported by the voting system have not been corrupted by a cyberattack.
Thirteen states, including key swing states like Pennsylvania, continue to use paperless voting today. One of the main reasons is cost: cash-strapped states simply can’t afford to replace this aging equipment. Unfortunately, our analysis shows that under the new federal funding, five of the 13 states with paperless machines will receive less than 25 percent of the money they may need to replace them. Moreover, most states will also need to use some of the new funding to pay for improved auditing and other security measures, leaving even less for crucial technology upgrades.
With the growing threat of international cyberattacks, states need to take urgent measures to secure their election infrastructures in time for voting in 2018 and 2020. Cybersecurity experts agree about what needs to be done: securing voter registration systems, replacing paperless machines, and implementing robust post-election audits to verify that the reported electronic results are accurate. The omnibus, though insufficient to make all of these needed improvements, will help states get started and buy Congress time to pass a more comprehensive election cybersecurity measure. Further Congressional action is required to provide the guidelines, resources, and incentives that states need to fully implement these essential safeguards.
To do so, Congress should complete its work on the Secure Elections Act (SEA), a bipartisan bill that has been gaining momentum in the Senate. The SEA would establish cybersecurity guidelines, facilitate crucial information sharing, provide grants for states to fully replace DREs with paper ballots, and encourage states to implement robust statistical auditing. By prioritizing funding to states with obsolete equipment and mandating sensible cost sharing, the SEA is designed to accomplish these within a budget barely greater than the immediate omnibus funds.