With the 2020 national election cycle on the horizon, House Homeland Security Committee Chairman Bennie Thompson, D-Miss., convened a hearing Wednesday to examine the how the United States was working to secure its elections. The hearing, broken into two panels, heard from senior Federal election officials, as well as state and local election officials.
During the first half of the hearing Christopher Krebs, director of the newly minted Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS), stressed that election cybersecurity is on the upswing. However, the second half of the hearing held a slightly different tone, with California Secretary of State Alex Padilla declaring that “our democracy is under attack.”
Noah Praetz, the former director of elections for Cook County, Ill., concurred with Padilla and said “As election officials, we must accept the conclusion of the intelligence community–our elections were attacked and are vulnerable. And while enemy hostile probes of our news and influence systems appear to have been more successful than those on election administration, we have to expect the attacks will evolve. We, as election administrators, must defend our section of the line–by securing all elements of our voting infrastructure.”
He further stressed the role election security plays in public confidence in the United States’ democracy.
“One job of an election administrator is to conduct elections so that losing candidates accept the fact that they lost fairly,” Praetz said. “Anything that hinders our ability to do that decreases confidence in the system. And undermines our ability to bestow legitimacy–not just victory.”
Padilla acknowledged that Federal intelligence agencies do send out security warnings to election officials across the country and said that “DHS Director Chris Krebs and DHS Senior Advisor Matt Masterson have become tremendously valuable partners.” However, Padilla said that “our national response is severely lacking.” He continued, “Most critically, we must rethink how we fund and administer elections.”
“Let’s be honest, elections are underfunded and are too often a low priority for Federal, state, and local governments,” Padilla argued. “The last time Congress approved new funding for elections was through the Help America Vote Act (HAVA), 17 years ago, in the wake of the 2000 presidential election. And the investments made as a result of HAVA were by and large in equipment and technology that is now 20 years old.”
He compared the voting technology to personal electronics, saying “you would not settle for 20-year old technology and reliability on your cell phones; our voting systems should be no different.”
Padilla stressed a number of steps Congress should focus on to improve election security. First, Padilla stressed that there should be rigorous testing and certification of voting standards to ensure they are up to date with security standards. Second, Congress should require testing of voting systems to ensure logic and accuracy before each election. Padilla also supported paper ballots and a “voter-verified paper trail, for auditing, recount, and manual tally purposes.” Additionally, he said election infrastructure should remain offline and there should be post-election audits after every election.
Building on Padilla’s recommendations, Jake Braun, executive director of the University of Chicago Harris Cyber Policy Initiative, stressed the importance of passing H.R. 1. That legislation, which is a bill from the Democratic majority, was criticized as a “political exercise” and a “partisan political power grab” by the Committee’s Ranking Member Mike Rogers, R-Ala., during his opening statement. Additionally, John H. Merrill, the Alabama secretary of state, said “the impact of the enactment of H.R. 1 could possibly damage the credible elections process we have worked hard to build in Alabama by creating a series of administrative concerns for the state to enforce,” during his testimony.
However, Braun said the “measures in the H.R. 1 proposed legislation provide for auditable paper trails and local implementation of at least the top five of the 20 Critical Security Controls, as well as funding for cyber assessments and remediation. Congress must support state and local administrators’ efforts by providing funding and assistance to implement cyber best practices that reduce America’s vulnerability to these clear threats to our election infrastructure.” Additionally, Braun called for funding for research and development funding to build voting equipment that can “stand up to these modern threats.” He said that current equipment is “essentially unsecurable.”