Senate Intel Committee gives Homeland Security its election security wish list

In a press conference today, the Senate Select Committee on Intelligence presented its urgent recommendations for protecting election systems as the U.S. moves toward midterm elections later this year.

“Currently we have an election upon us, and the past tells us that the future will probably hold another set of threats if we are not prepared,” Senator Kamala Harris said.

The bipartisan committee offered a set of measures to defend domestic election infrastructure against hostile foreign nations.

Before launching into the findings from its committee-wide examination of current practices, written up in an accompanying report, the group emphasized that states are “firmly in the lead” in conducting elections, although the federal government should work closely to provide funds and information.

Although there are many factors that can mitigate the risk to U.S. elections, election equipment itself, particularly internet-connected systems, remains a core concern in the report:

States should rapidly replace outdated and vulnerable voting systems. At a minimum, any machine purchased going forward should have a voter-verified paper trail and no WiFi capability. If use of paper ballots becomes more widespread, election officials should re-examine current practices for securing the chain of custody of all paper ballots and verify no opportunities exist for the introduction of fraudulent votes.

Because financial need varies from state to state, the committee recommended legislation that would create a grant program through which states could apply for election security funds, including the funding needed to conduct system audits.

“States should use grant funds to improve cybersecurity by hiring additional Information Technology staff, updating software, and contracting vendors to provide cybersecurity services, among other steps,” the report states.

The rest of the report focused on how to bolster U.S. election infrastructure and practice against foreign attacks. Now that the potential vulnerability of U.S. election systems is widely known, Russia may not be the only adversary looking to poke holes in U.S. systems.

“It may not be the Russians next time,” Senator James Lankford said. “They have set a pattern that others could follow.” That means that Iran, North Korea or even domestic hacktivist groups could be following along.

The committee recommends that the U.S. work with allied countries to create international cyber standards to deter hostile nations from taking advantage of current gray areas in cyber policy, making it clear that attacks on election systems are “hostile acts.”

“We need a more transparent cyber doctrine so that other nation-states are on notice,” New Mexico Senator Martin Heinrich said.

The committee made multiple mentions of the Department of Homeland Security’s failure to coordinate with states — and state-level distrust of that department — during the 2016 election. In the past, information sharing between federal and state officials has been hampered by slow processes for obtaining the proper security clearances for state and local election workers.

“The Intelligence Community should work to declassify information quickly, whenever possible, to provide warning to appropriate state and local officials,” the report states.

States also lag behind when it comes to knowledge and implementation of basic cybersecurity best practices like two-factor authentication. The committee urges DHS to work to educate the states to establish a set of best practices to mitigate risk.

Tomorrow, the committee will have a chance to hand their wish list over in person. Homeland Secretary Kirstjen Nielsen will appear in the first of a three-panel hearing, alongside Obama-era secretary Jeh Johnson, who oversaw the department during the 2016 election.