The potential for disinformation to disrupt the process casts a shadow on significant improvements made since 2016.
Sensors on networks and endpoints and technology to block access to malicious websites are some of the things more federal money could help fund for smaller local jurisdictions as they prepare for the elections in November, one official told Congress.
“In addition to what states and localities have done on their own, today, the technical protections deployed across the elections infrastructure have significantly improved since 2018,” said John Gilligan, president and chief executive officer of the Center for Internet Security.
In 2018, CIS established the Election Infrastructure Information Sharing and Analysis Center through the Cybersecurity and Infrastructure Security Agency and started implementing such technical protections with the aid of congressional appropriations.
Gilligan testified Tuesday before the House Homeland Security and Governmental Affairs Committee’s panel on cybersecurity, infrastructure protection and innovation, asking for another infusion of federal funding.
Democrats in the House have been pushing for money to secure elections long before the onset of the pandemic, only to be stonewalled by Senate Leader Mitch McConnell, R-Ky. But this March, Congress passed the CARES Act, sending $400 million to states for election security.
Experts are worried about what the virus will do to physical turnout and whether measures are in place for mail-in voting alternatives. Voting at a polling place and voting by mail both come with vulnerabilities, CISA noted in an assessment released Friday. And state and local officials say they’ve nearly exhausted the CARES Act money preparing for primary contests. In May, the House passed the HEROES Act, a coronavirus relief package with $3.6 billion marked for elections security.
Gilligan said local jurisdictions, in particular, which don’t have the resources of larger state jurisdictions would benefit from additional funding.
“I mentioned some of the elections capabilities we’re trying to deploy with CISA, we can do it,” he said. “If Congress could help in the funding of these initiatives, to get them off the ground, to get enough of them deployed, what we’ve seen in other situations is that the state will start to kick in funding, but to get the ball rolling, federal funding is very important.”
Gilligan said measures election offices have taken to defend their operations, including the implementation of firewalls and multifactor authentication have greatly improved their security posture since 2016, but that there’s more to do that shouldn’t be left up to the localities.
“When we address the security of local elections offices, we have to realize that they are under-resourced and don’t have the talent that state-level and the larger elections jurisdictions do,” he said. “We cannot assume that local elections offices are ever going to be able to protect themselves. We actually have to do it for them.”
Even with technical measures in place, Gilligan said there is an overarching concern about the threat of disinformation. He recounted the worst-case scenario of 2016, where the penetration of systems were enough to undermine confidence in the process, even though no information was found to be changed.
“I think with the potential of mis- and disinformation having an impact on the voting is greater in many regards than the potential of cyber threats,” he said, responding to questions from Rep. Jim Langevin, D-R.I., about the need for a broad, enduring media literacy campaign. “To improve awareness among the public of mis- and disinformation, to help especially our youth begin to understand how to look at social media and how to look at multiple sources of information is particularly important and will be an area that will require congressional focus in the future.”