In her testimony at an election security hearing before the Committee on House Administration last week, Verified Voting President Marian Schneider joined advocates and election officials in calling on Congress to help states and local jurisdictions replace aging voting systems, conduct risk-limiting audits and enhance election infrastructure security. In order to prepare for 2020, Congress must provide “adequate financial investment in cyber security best practices, replacement equipment and post-election audit processes … immediately and continue at a sustainable level moving forward.”
Writing in Governing, Graham Vyse highlighted the significant bipartisan agreement between the two secretaries of state who testified, Jocelyn Benson (D-MI)and John Merrill (R-AL) on efforts needed to address emerging threats to election security. Along with all the witnesses, the state election officials agreed that more federal funding for election security was needed. Significantly the witnesses were also unanimous in recommending the replacement of direct recording electronic voting machines with paper ballot voting system and conducting post-election ballot audits.
Two days after the hearing, House Homeland Security Committee Chairman Bennie Thompson (D-MS), House Administration Committee Chairwoman Zoe Lofgren (D-CA) and Rep. John Sarbanes (D-MD), the chairman of the Democracy Reform Task Force reintroduced The Election Security Act. Aimed at reducing risks posed by cyberattacks by foreign entities or other actors against U.S. election systems, the bill would establish cybersecurity standards for voting system vendors and require states to use paper ballots during elections.
The resignation of the Election Assistance Commission’s head of voting system testing and certification reflects an agency crisis according to Politico’s Morning Cybersecurity. Macias’ departure may be related to an exchange at an EAC field hearing, when Commissioner Christy McCormick repeatedly asked Macias why EAC commissioners didn’t have final approval over the details of federal voting system standards. After Macias leaves on May 17, the EAC will have only one employee working full-time on assessing voting machines based on federal standards former Colorado voting security expert Jerome Lovato, who, according to an email obtained by CyberScoop, the EAC has appointed Lovato to replace Macias. The EAC’s internal announcement cited Lovato’s experience testing and piloting voting systems and his familiarity with risk-limiting audits. He previously worked for a decade as a voting systems specialist at the Colorado Secretary of State’s office.
Sen. Ron Wyden (D-OR) has contacted VR Systems, the Florida voter-registration software maker that the FBI apparently believes Russia hacked, asking if “the company ever engaged a third party to conduct a forensic examination of its computer networks and systems since the hacking assertions first came to light after the 2016 election”. As Kim Zetter reports in Politico, VR Systems, insists it wasn’t hacked, referencing an analysis by FireEye to claim there was never an intrusion in VR System’s EVID servers or network. A separate FBI investigation indicated that malware was installed on the network of a vendor fitting VR Systems’ description.
After a briefing last Friday with the FBI and DHS, Florida Gov. Ron DeSantis, revealed that, according to the Müller investigation, election information in two Florida counties was accessed by Russian hackers in 2016.
