The head of the National Security Agency and U.S. cyber command has told Congress that the White House hasn’t instructed him to block a Russian attack against U.S. election systems this fall. “If we don’t change the dynamic here, this is going to continue,” Adm. Michael Rogers said, adding to warnings from the secretary of state and chiefs of U.S. intelligence agencies that voting systems are vulnerable to attacks by foreign actors.
Russian meddling in the 2016 election is now almost universally acknowledged. And while there’s no evidence that Moscow’s cyberactivity changed vote totals, we know Russian agents targeted voting systems in at least 21 states — and that whatever methods the Russians honed this past cycle they will likely use against us in the 2018 and 2020 elections.
The problem of vulnerable voting technology predates the last presidential election. In 2015, a Brennan Center report found that voting machines in 42 states were at least a decade old. We warned that deteriorating machines were particularly vulnerable to breakdowns and hacking, and our aging equipment foreshadowed a crisis of security and reliability. In a survey just weeks ago, the Brennan Center found that 41 states likely will use decade-old voting machines this fall. The problem hasn’t gone away.
With the midterm elections eight months away, we get a second chance at tackling our crisis of inaction. But right now, the odds are not looking promising for American democracy. This has to change.
Luckily for the Empire State, its voting systems don’t face the same vulnerabilities as others across the nation. New York processes paper ballots filled out by the voters, which means a strong audit would be able to catch hacks or failures in the voting system. The technology is relatively new, so it’s been subject to more rigorous security testing than machines around the country that were purchased more than 10 years ago.
But the picture is much bleaker in many other corners of the country. Election officials in 33 states have told the Brennan Center they must replace their systems by 2020, but lack the funds to do so. And 13 states — including Pennsylvania, Georgia and Texas — still use antiquated paperless machines in many or all of their polling places. State election officials just don’t have the resources to replace them.
Given what’s at stake, Congress and state legislatures must invest to protect elections. Congress can help states with immediate time-limited grants to replace aging paperless electronic voting machines; perform comprehensive threat analyses of critical election systems; upgrade the hardware and software that support voter registration; and conduct post-election audits to confirm outcomes and build confidence with voters.
Congress could do all this by passing the Secure Elections Act. This bill, spearheaded by Sens. Amy Klobuchar (D-Minn.) and James Lankford (R-Okla.), would authorize the Department of Homeland Security to grant $386 million to the states to enhance election security. The bill would prove a crucial first step to safeguarding our elections, and would reassure Americans their votes won’t become the object of meddling by Russia or other hostile state actors like North Korea, Iran or China.
Cyber security experts often note those seeking to protect their systems need to have a perfect record. After all, an intruder looking to stir trouble only has to get it right once.
Lawrence Norden is deputy director of the Democracy Program at The Brennan Center for Justice.