U.S. intelligence officials and security experts have spent years urging states to shore up their elections’ digital defenses, and the latest indictments from special counsel Robert Mueller drew fresh attention to Russia’s cyberattacks on the 2016 presidential election.
But less than four months before the midterm elections that will shape the rest of Donald Trump’s presidency, most states’ election offices have failed to fix their most glaring security weaknesses, according to a POLITICO survey of all 50 states.
And few states are planning steps that would improve their safeguards before November, even after they receive their shares of the $380 million in election security funding that Congress approved in March.
Only 13 states said they intend to use the federal dollars to buy new voting machines. At least 22 said they have no plans to replace their machines before the election — including all five states that rely solely on paperless electronic voting devices, which cybersecurity experts consider a top vulnerability.
In addition, almost no states conduct robust, statistic-based post-election audits to look for evidence of tampering after the fact. And fewer than one-third of states and territories have requested a key type of security review from the Department of Homeland Security.
Almost none of the 40 states that responded to POLITICO provided full details of how they plan to spend their shares of the money.
The holes in states’ preparedness contrast with the alarming details that Mueller offered Friday about the extent of Russian hackers’ operations in 2016 — as well as Director of National Intelligence Dan Coats’ warning the same day that election systems and the other “digital infrastructure that serves this country is literally under attack.”
States have to take the threat seriously and not just wait for federal help, said Sen. James Lankford (R-Okla.), a member of the Intelligence Committee and one of the chief sponsors of the Secure Elections Act, a bipartisan bill meant to bolster security at the polls.
“It is not the federal government’s responsibility to pay for new machines for you,” he told POLITICO. He added, “Do what is your state’s responsibility to be able to take care of your own elections and make sure they’re secure.”
Lankford said he does not think states are being “apathetic” about implementing security safeguards at the polls. He said they are proceeding with caution given the sensitive nature of elections and closely contested races.
Still, he said the threat is real. “Russia tried to meddle in our 2016 elections — they’ll be back in 2018 and 2020,” Lankford tweeted Tuesday.
Election officials in several states say they’re improving security as fast as they can, given realities like available funding.
In South Carolina — one state facing a lawsuit over its electronic voting machines — the State Election Commission is “continuing to work with the General Assembly to obtain funding to replace” these machines, spokeswoman Marci Andino told POLITICO. “South Carolina will be replacing its voting system in coming years.”
On Capitol Hill, both the Senate and House intelligence committees have weighed in on the election hacking issue in their separate Russia investigations, with both panels recommending that voting machines use paper ballots.
Sen. Roy Blunt (R-Mo.), who chairs the Rules Committee that has jurisdiction over federal elections, told POLITICO that “any system that doesn’t provide a paper trail where you could have a recount is troublesome.”
The five states that rely entirely on paperless voting machines are Delaware, Georgia, Louisiana, New Jersey, and South Carolina. In Georgia, lawmakers failedin March to pass a bill to replace the state’s electronic machines by 2024. As in South Carolina, election integrity groups are suing the state over voting security issues.
In a sign of the growing urgency in Congress for states to improve election systems, Sens. Mike Rounds (R-S.D) and Bill Nelson (D-Fla.), leaders of the Senate Armed Services cybersecurity subcommittee, on Tuesday became the latest co-sponsors of the Secure Elections Act.
Read the complete article at politico.com
Eric Geller is a cybersecurity reporter at POLITICO, covering the White House and the Departments of Justice, State and Commerce.