Securing elections against cyberattacks not so easy, experts say

WASHINGTON – The House Judiciary Committee on Friday got expert advice on what can be done to ensure next year’s elections are secure, encrypted against foreign adversaries and hack-proof.

Chairman Rep. Nadler, D – N.Y., said the threat of the 2020 elections being hacked “is a threat to the American people,” after Acting Director of National Intelligence Joseph Maguire testified Thursday that the greatest challenge for the U.S. is ensuring the integrity of the election system.

Three experts appeared before the committee to share what steps they believe are necessary to secure future elections.

Debora Plunkett, senior fellow at Harvard University’s Belfer Center for Science and International Affairs.

· Plunkett described the election system as “complex and decentralized,” with existing security vulnerabilities that could weaken the country’s democratic processes when faced with a cyberattack.

· She cited a Belfer Center study published in 2017 that assembled a list of best practices to secure the election system, like having a paper vote record and requiring vendors to provide notification of any system breach. She recommended building a strong security culture, treating elections as an interconnected system and avoiding any contact between the ballot process and digital devices. She also urged the use of strong passwords and two-factor authentication as two of the best defenses against accounts being compromised.

· “It is incumbent to every state to institute the appropriate security measures, and make sure that their technology is the most robust available in order to protect the democracy in their election,” Plunkett said.

Kathryn Boockvar, Pennsylvania acting secretary of state.

· Boockvar highlighted the need for federal, state and local enforcement across the country to collaborate and share resources to ensure elections are not tampered with next year and beyond.

· “Elections’ security is a race without a finish line, and our adversaries are not slowing down. We need to make sure we are meeting and exceeding those technologies, and make sure we invest at all levels substantial and sustained resources,” Boockvar said.

· Boockvar compared spending money on election security to other types of national security spending. “(We) look at them as ongoing investments, and that’s how we have to look at our elections,” she said. Boockvar called on the Department of Homeland Security, the Election Assistance Commission and the International Association of Government Officials to continue training state and local election officials to respond timely to appearing threats.

· Boockvar said that to provide every voter with equal access to secure polls and a deep-seated confidence in the accuracy of their votes, a long-term investment should be made on behalf of the federal government.

Tom Burt, corporate vice president of Customer Security and Trust at Microsoft Corporation.

· Burt said Microsoft’s new free, open source software, “ElectionGuard,” will allow voters to see their ballot after the elections and, for the first time in history, Burt said, see that their vote was counted and unchanged.

· Burt acknowledged the impediments of adopting rapidly changing new technologies. The outdated federal election machine certification process hasn’t changed in more than a decade, which slows down the response time against a possible attack. “Unfortunately, this means new machines using ElectionGuard likely will not be certified in time for use in the 2020 national election,” Burt said.

· A major concern for Burt was states and local agencies failing to upgrade their systems due to the lack of funding. Burt said federal standards on system delivery, upgrade and manufacturing would be useful guidance moving forward.

· “If a voting machine is updated with a minor security patch from a trusted vendor, it will have to go through a full recertification process,” Burt said. “This creates a significant disincentive for election officials and vendors to deploy security patches, leaving our elections vulnerable.”

All three experts agreed the next step is for Congress to approve a long-term sustainable funding dedicated solely to adopting the measures mentioned throughout the meeting. This, the experts said, will allow election officials to purchase new “hack-proof” equipment and invest in cybersecurity training and staffing.

“We know we can’t see a finish line for this, but we have to identify the threats,” said Rep. Madeleine Dean, D – Penn.