Congressional staff on Thursday heard from a panel — including a former high-ranking Justice Department official and a state county clerk responsible for election-data rolls — that called for swift, bipartisan action on legislation offering new requirements and funding for states to upgrade and secure the nation’s election system from foreign and other malicious hacks. The move could have implications for industry by setting security requirements on the technologies and products sold to state election officials, and underscores a growing sentiment for a physical backup to operations that take place in cyberspace. Susan Greenhalgh, an election specialist with the non-profit group Verified Voting, said the National Institute of Standards and Technology and the Department of Homeland Security are meeting with the Election Assistance Commission to promote use of the NIST cybersecurity framework by state officials. The EAC was established by Congress in 2002 to assist states with guidance and funding to upgrade voting systems. Greenhalgh spoke as part of the panel on election security held on the Senate side of the Capitol on Thursday.
Any legislation enacted by Congress should call for the use of cybersecurity “best practices,” require backup paper ballots, and establish protocols for auditing election results, according to the University of Michigan’s Director of the Center for Computer Security and Society Alex Halderman, who spoke as part of the panel.
Halderman said any federal efforts to secure the election system should focus on deterring attacks by undermining the ability of hackers to sow distrust or change outcomes. He said hardening the data systems run by state and local officials and creating a paper backup that can be audited would ensure that “neither of those attacks is going to work.”