Elections experts say cybersecurity threats demand federal funding

Unfunded cybersecurity needs are leaving state and local election officials to stand on the front lines of threats from sophisticated international interests, a new report asserts.

“Defending Elections,” a report from the Brennan Center for Justice, highlights growing concerns that myriad unmet security needs pose a threat to fair elections.

Christopher R. Deluzio, policy director of the University of Pittsburgh Institute for Cyber Law, Policy and Security, was among five researchers who collaborated on the report. He said a close look at efforts under way in six states — Alabama, Arizona, Illinois, Louisiana, Oklahoma and Pennsylvania — underscored the challenges elections officials face, from the need to purchase new voting machines that will create a paper record, to developing systems for post-election audits, addressing emerging cyber vulnerabilities and upgrading voter registration systems.

Part of the problem is the cost of underwriting new voting machines as states and counties struggle to meet the timeline to have systems with paper backups in place in time for the 2020 presidential primaries.

In Pennsylvania, where voting machines are purchased at the county level, Deluzio said the $14 million federal grant that was doled out to counties will finance only about 10% to 12% of the estimated $150 million needed to replace voting machines across the state.

The cost and uncertainty about additional subsidies to defray the estimated $8 million-plus cost of new voting machines in Westmoreland County recently prompted county commissioners there to walk back the timeline for the purchase and implementation of a new system, from this fall’s general election to next spring.

Deluzio said reports from national security agencies that Russian operatives targeted election systems in Pennsylvania along with several other states, and the Mueller report’s finding that they gained access to the Illinois State Board of Elections registration database, emphasize the threat.

This month, the New York Times reported concerns that both campaigns and elections remain at risk from hackers.

Edward Felten, an election security expert and computer science professor at Princeton University, said campaign organizations and voting equipment are unlikely to be prepared to deflect another nation-state cyberattack in the 2020 cycle.

“The bad guys have had more time to spend on this and more time to develop new tricks,” Felten, who studies election cybersecurity, told the Times.

David Salvo and Rachael Dean Wilson, researchers from the bipartisan Alliance for Securing Democracy, collaborated on the new Brennan Center report. They said it would be a mistake to underestimate the importance of such efforts.

“Election security is a national security imperative for our democracy — and it’s dependent upon the election systems of 50 state governments and the vigilance of election officials in over 10,000 election jurisdictions across the country,” they wrote.

Salvo and Wilson said federal funding will be required to make continuing upgrades to the security of the nation’s election infrastructure.

“There are plenty of things that ought to be done in Pennsylvania and elsewhere for the money to come from Congress,” Deluzio said. “It seems a little unfair to me to ask county election workers who are hardworking folks to be cyber warriors on the front lines of a battle against nation states.”