Described by one congressional observer as “a day late and a dollar short,” the bipartisan Prevent Election Hacking Act of 2018 (HR 6188) was recently introduced and referred to the House Committee on House Administration. If passed, it would “direct the Secretary of [the Department of] Homeland Security [DHS] to establish a program to improve election system cybersecurity by facilitating and encouraging assessments by independent technical experts to identify and report election cybersecurity vulnerabilities, and for other purposes.” An industry cybersecurity official said on background to Biometric Update that “HR 6188’s potentially groundbreaking — sorry, overstated deliberately — concept of outsourcing cybersecurity execution to the private sector is something worth looking into.”
Introduced by Reps. Mike Quigley (D-IL) and John Katko (R-NY), the bill is designed, the legislators said, “to help combat the threat of election hacking. The legislation will create a competition, commonly known as a bug bounty program, [called ‘Hack the Election Program’ in the legislation] that rewards cyber experts that are able to identify vulnerabilities in our election infrastructure.”
Quigley earlier garnered $380 million in new grants to help states secure election systems from hacking, and cosponsored the Protecting the American Process for Election Results (PAPER) Act to authorize additional grant funding to harden election systems’ cybersecurity.
During DefCon last year, it took hackers less than a day to find and exploit vulnerabilities in five different voting machines.
In a joint statement, the two legislators said, “By allowing the Department of Homeland Security to establish a recurring ‘Hack the Election’ competition, we can give independent cyber experts the opportunity to assist participating state and local election officials, who oftentimes lack the necessary cybersecurity training and guidance to prevent hacking attempts, uncover both new and existing threats to their systems,” including biometric insider threats to voting database systems, individual machines, physical access to voting sites and storage facilities, etc.