Congress passed, and President Trump has signed, a spending bill for 2018 that includes an additional $380 million for the US Election Assistance Commission (EAC) to address elections and cybersecurity. The EAC was created following the flawed 2000 presidential election to establish minimum security standards for elections machinery, and to provide money to US states to strengthen their elections systems.
Recent Congressional hearings and numerous demonstrations by cybersecurity experts have shown how vulnerable many older electronic voting machines are to hacking. For example, in 2016 a Princeton University computer scientist, Andrew Appel, bought a used Sequoia AVC Advantage voting machine, similar to thousands of machines still in use nationwide. Appel's graduate student, Alex Halderman, was quickly able to gain access to the machine's memory and software, altering them in such a way that modifying vote counts would be easy, while detecting the manipulation would be difficult.
Each US state will receive at least $3 million of the new funding, with some states getting significantly more based on demonstrated need.
Here's what state and county elections and IT officials need to know.
- State voting machines and databases have many vulnerabilities, and election workers are the front-line troops to secure them, according to Cook County, IL, Director of Elections, Noah Praetz.
- Time is of the essence: The EAC only has 45 days—or until the week of May 7, 2018—to distribute the funds to states.
- The additional funding can be used to replace old, insecure voting equipment. It can also go toward cybersecurity training and education for election officials.
SEE: Security awareness and training policy (Tech Pro Research)
4 more ways that US states can improve cybersecurity for elections
- Prioritize cybersecurity training for all election officials and election-day volunteers.
- Practice emergency plans ahead of time with the approach of "Defend, Detect, Recover."
- Ask the Department of Homeland Security to conduct a risk assessment of your state's voting equipment.
- Partner with the National Election System Information Sharing and Analysis Organization (NES-ISAO) to fully incorporate the NIST Cybersecurity Framework into election systems.
- DHS election cybersecurity aid draws less than half the states (CNET)
- Homeland Security's tall order: A hacker-free election (CNET)
- US slaps new sanctions on Russia over NotPetya cyberattack, election meddling (ZDNet)
- Your voter data file is a treasure trove of personal data (TechRepublic)
- How the Department of Homeland Security is cracking down on phishing (TechRepublic)
- Cambridge Analytica's Facebook game in politics was just the beginning, the enterprise was next (TechRepublic)
Gregory Michaelidis directs the Security Awareness Lab and is a Cybersecurity Initiative Fellow at New America. Previously he served as a senior public affairs advisor and director of speechwriting at the U.S. Department of Homeland Security.