Congress passed, and President Trump has signed, a spending bill for 2018 that includes an additional $380 million for the US Election Assistance Commission (EAC) to address elections and cybersecurity. The EAC was created following the flawed 2000 presidential election to establish minimum security standards for elections machinery, and to provide money to US states to strengthen their elections systems.
Recent Congressional hearings and numerous demonstrations by cybersecurity experts have shown how vulnerable many older electronic voting machines are to hacking. For example, in 2016 a Princeton University computer scientist, Andrew Appel, bought a used Sequoia AVC Advantage voting machine, similar to thousands of machines still in use nationwide. Appel’s graduate student, Alex Halderman, was quickly able to gain access to the machine’s memory and software, altering them in such a way that modifying vote counts would be easy, while detecting the manipulation would be difficult.
Each US state will receive at least $3 million of the new funding, with some states getting significantly more based on demonstrated need.
Here’s what state and county elections and IT officials need to know.
- State voting machines and databases have many vulnerabilities, and election workers are the front-line troops to secure them, according to Cook County, IL, Director of Elections, Noah Praetz.
- Time is of the essence: The EAC only has 45 days–or until the week of May 7, 2018–to distribute the funds to states.
- The additional funding can be used to replace old, insecure voting equipment. It can also go toward cybersecurity training and education for election officials.
SEE: Security awareness and training policy (Tech Pro Research)
4 more ways that US states can improve cybersecurity for elections
- Prioritize cybersecurity training for all election officials and election-day volunteers.
- Practice emergency plans ahead of time with the approach of “Defend, Detect, Recover.”
- Ask the Department of Homeland Security to conduct a risk assessment of your state’s voting equipment.
- Partner with the National Election System Information Sharing and Analysis Organization (NES-ISAO) to fully incorporate the NIST Cybersecurity Framework into election systems.