Eighteen U.S. states lack sufficient cybersecurity safeguards to protect their election voting infrastructure from hackers, a new Congressional report said.
In one way, it’s alarming that nearly 40 percent of states are highly vulnerable to election cyber shenanigans. On the other hand, it is with equal surprise that the remaining 60 percent have systems in place with key voting security defenses, including paper trails and post-election audits. Positioned against the omnipresent backdrop of foreign meddling in the 2016 Presidential election and the threat of more cyber attacks in the November midterm elections, either way it’s a startling finding.
The report, entitled Election Security Update, was released by House Administration Committee Democrats without the support of Republicans. In it, the authors call on Congress to grant $1.4 billion in new funding for all 50 states to lock down election security over the next 10 years.
“It is now well-known that Russian hackers targeted voter registration databases in at least 21 states and attempted to access credentials of election technology vendors and election officials,” the report said. “If these attacks had succeeded, hackers could have deleted voter registration records, altered poll books, caused chaos on Election Day, and potentially swayed the results of the election.”
The new funding request is in addition to the $380 million Congress approved nearly four months ago in a bipartisan initiative for states to upgrade their election systems.
“While this money is a useful down payment, we have found that it will cost an additional $1.4 billion over ten years for states to be able to take all the steps required to secure their election systems,” the authors wrote.
The report ranks the 18 states by tiers based on their election security vulnerabilities:
- Tier 1: The most serious election security vulnerabilities. Includes Delaware, Georgia, Louisiana, New Jersey and South Carolina.
- Tier 2: Significant vulnerabilities, may not be planning to use federal funds to fix their problems. Includes Arizona, Florida, Illinois, Indiana, Kansas, New Hampshire, Tennessee, Texas and Wisconsin.
- Tier 3: Significant vulnerabilities, plan to use federal funds, may need additional money to upgrade their election infrastructure. Includes Arkansas, Iowa, Pennsylvania and Washington.
All the states in Tier 1 use electronic voting machines with no paper record, making it “nearly impossible to determine” if their systems have been hacked and their vote tally changed, the report said. As a result, they are deemed the most susceptible to hacks by foreign bad actors.
Regarding the $380 million Congress previously set aside for state-level cybersecurity upgrades, so far only 13 states have told the Election Assistance Commission (EAC) how they intend to budget their share of that money. The remainder are expected to submit plans this week, the EAC told the Washington Post. California, which received $34.5 million from Congress, said it will dole out $3 million to county election officials for cybersecurity improvements ahead of the midterms, while Hawaii will spend some $400,000, the report said.
Rep. Zoe Lofgren (D-Calif.), who co-authored the new report, told the Post that the plan is to find more money for cybersecurity upgrades without sparking political conflict, a sentiment echoed by David Becker, executive director for the Center for Election Innovation and Research. "It's imperative that we respond to this very real threat in a way that transcends party lines. When it looks like either side is making this a partisan issue, they could ultimately reduce the chance that we’ll find an effective solution,” he reportedly said.