State and local governments need money, not words, to shore up security, a panel of House Democrats said.
A panel of House Democrats wants to commit $400 million to secure future elections from hackers.
That $400 million is what’s left over in appropriated funds from the 2002 Help America Vote Act, which focused on making voting easier for people with disabilities.
The money could be used to replace outdated and unsecure voting machines that lack paper receipts for votes, the Democrats’ independent election security task force said in a Monday letter to leaders of the House Appropriations Committee.
The letter comes less than a week after the task force, which includes no Republican members and is not officially sanctioned by the House, released a set of preliminary findings from five months of hearings and analysis.
Those findings stressed the importance of committing money, rather than mere words, to shoring up state and local election systems following Russian efforts to penetrate those systems during the 2016 cycle.
Russian government-backed hackers probed about 20 state election systems, the Homeland Security Department has said, but there’s no evidence they penetrated election databases or voter rolls.
The task force recommended better information sharing between Homeland Security and state election officials on cyber threats.
Also Monday, Harvard’s Belfer Center for Science and International Affairs released a Cybersecurity Campaign Playbook authored, in part, by 2016 Hillary Clinton Campaign Manager Robby Mook and 2012 Mitt Romney Campaign Manager Matt Rhoades.
The playbook, which lists numerous cybersecurity experts among its co-authors, lays out basic information security advice for campaigns, such as relying on proven, cloud-based data storage systems rather than custom-built systems and requiring all staff to use multiple factors—such as a password and a unique code—to access campaign information.
The playbook also stresses the importance of dealing with cybersecurity at the top levels of a campaign and integrating cybersecurity plans and discussions into all parts of campaign operations, including information technology and human resources.
Political campaigns are notably “soft targets” for digital attacks, the report notes, because they collect and store large amounts of sensitive voter information but are also stood up quickly, with new staff and volunteers arriving daily and little time to develop long-term security strategies.