NCSL - National Conference of State Legislatures

08/10/2018 | News release | Distributed by Public on 08/10/2018 15:10

States Taking Election Cybersecurity Seriously

By Dylan Lynch

Los Angeles-If you have only been reading news headlines about vote-hacking risks or Russian interference, it might be easy to conclude that America has been sitting on its hands when it comes to election security since 2016.

Yet, security, whether physical or cyber, has been the job of states for decades. It is a duty none take lightly, nor have election officials been idle. This was the tone set during the Cybersecurity for Elections: State Policy Options session during NCSL's recent Legislative Summit.

Washington Secretary of State Kim Wyman, along with Senator Henry Stern (D-Calif.), Matt Masterson, a senior advisor with the Department of Homeland Security (DHS), and Maurice Turner, of the Center for Democracy and Technology (CDT), discussed not only the cybersecurity landscape for elections, but also what states have been doing to prepare for possible attacks.

In 2017, DHS designated elections as critical infrastructure, which means states have easier access to federal help. According to the DHS election resource guide, states can tap into federal cybersecurity assessments, detection and prevention programs, training and information sharing.

'Lost in all this discussion is that local election officials are administering good elections,' Masterson said. 'They just haven't had the opportunity to take a breath since 2016.'

In March, Congress allocated $380 million to the states to improve election administration, including the enhancement of technology and security improvements. Four months later, all eligible states and territories had requested the new funds.

Wyman said the $8.3 million received by Washington will go toward an 'elections cyber unit,' which will include a beefed-up IT team to help local jurisdictions, training and testing for local election officials, protection and monitoring services and reinforcement of the existing elections infrastructure.

The Evergreen State is not alone in its efforts to maximize the impact of these limited funds. Maurice Turner, a technologist with the Center for Democracy and Technology, outlined a risk-management framework for elections: risk equals probability of attack times likely impact.

Entirely eliminating risk, he said, is impossible. But with his risk framework, he suggested that states can work to mitigate risk by reducing the potential impact, shifting risks or by accepting the risk. Likewise, by acknowledging threats and communicating preparedness, both internally and externally, a culture of security can be built in everyone's daily routine and assuage public concern.

'Voter confidence is an intangible asset, but we do know that we can have a positive impact on it,' Turner said, adding that the federal government could take a larger role in elections, particularly when it comes to voting equipment development and procurement. This idea, however, did face some pushback from the other panelists.

Stern, meanwhile, noted that elections cybersecurity is an opportunity for bipartisanship, and that, from a legislator's perspective, the biggest fear is voters losing confidence in the system. He said legislators need to recognize that they are not perfect, but they can let everyone know this is a serious issue and that leaders are working quickly to maintain and instill voter confidence.

'We all rise and fall together,' he said.

Dylan Lynch is a policy associate with NCSL's Elections and Redistricting program.

Email Dylan.