Budgetary, Technical Hurdles Continue Hampering 2020 Election Security Prep

Compromised voting machines currently in use in the U.S. on display at DEFCON in April 2018.

Compromised voting machines currently in use in the U.S. on display at DEFCON in April 2018. By Bing Wen/Shutterstock.com

A Congressional field hearing in Illinois highlighted how far states and local jurisdictions have come since 2016, and how far they have to go.

The House Homeland Security Committee returned to the scene of one of Russia’s direct attacks on U.S. elections in 2016 on Tuesday to discuss how the state of Illinois—and the nation at large—have improved election security since the last presidential election.

In 2016, Russians hacked an Illinois Board of Elections voter registration database, compromising the information of some 76,000 voters and instilling confusion, despite investigations that showed no votes were changed or altered by the bad actors.

At the field hearing, state officials said Illinois partnered with federal partners, including the Department of Homeland Security, and invested more than $13 million in security upgrades and digital vulnerability assessments for its 108 voting jurisdictions.

However, like most states, Illinois has more challenges than it can fully address, given budgetary restrictions and short timelines.

Steve Sandvoss, executive director of the Illinois Board of Elections, said approximately two-thirds of its 108 voting jurisdictions do not have the resources to employ an IT division and likely only have a single vendor-contracted employee responsible for things like patching electronic voting machines. He said Illinois has maintained partnerships with the Cybersecurity and Infrastructure Security Agency and created new ones to maximize the use of existing resources.

During the 2018 midterm elections, the state elections board partnered with the Illinois National Guard to ensure cyber experts were on standby in case election meddling occurred. That partnership will continue through the 2020 election, Sandvoss said.

The state also launched a Cyber Navigator program that sent cyber experts to each voting jurisdiction to shore up common vulnerabilities. The personnel also provided valuable “education to local officials and ones with more limited resources,” Sandvoss said.

Spurred to become proactive following Russia’s activity within the state, Matt Masterson, senior cybersecurity adviser at CISA, said Illinois could serve as an example for other states regarding its improved its security posture. While most of its voting machines didn’t come equipped to print paper ballots, they’ve been retrofitted with a paper backup system. They aren’t as reliable as paper ballots, said Elizabeth Howard, Counsel at the Brennan Center for Justice’s Democracy Program, but it’s better than not using paper at all. Howard told lawmakers Tuesday a total of eight states will continue to use paperless voting equipment as their primary tabulation means.

“I think what Illinois has done here is innovative and helpful to those counties,” Masterson said.

Yet funding deficiencies may prevent all but the most cash-flush states from maximizing the safety and integrity of upcoming elections, and part of addressing that challenge falls to lawmakers themselves. After allocating $380 million to states for election security upgrades in 2018, Congress hasn’t ponied up additional cash since.

Lauren Underwood, vice chair of the House Homeland Security Committee, chastised the Senate for not having passed a House-led bill that would give states $600 million. Instead, Senate Majority Leader Mitch McConnell, R-Ky., countered with $250 million. Both proposals pale in comparison to a cost estimate derived by the Brennan Center, which suggests states need at least $2 billion to do such things as replace antiquated IT systems and provide cyber support for under-resourced jurisdictions.

“We don’t have time to waste, the Senate should immediately pass legislation to enhance our election security,” Underwood said. “We must remain vigilant against bad actors looking to undermine American Democracy.”