We now know that Russian President Vladimir Putin ordered a comprehensive effort to interfere with the 2016 presidential election. This mission involved the cybertheft and strategic publication of politically sensitive emails, the placement and amplification of misinformation on social media, overt propaganda and efforts to penetrate the systems of dozens of state election authorities. … First, President Trump must unequivocally acknowledgeRussia’s attack on the 2016 election and clearly state that any future attack on our democratic institutions will not be tolerated. One of the oddest aspects of the president’s foreign policy to date is his refusal to criticize — let alone condemn — Russian hostility, be it directed at our elections or Ukraine, Syria or Afghanistan. The president continued to make inconsistent statements in Warsaw, claiming that “nobody really knows” whether Russia meddled in the 2016 election. No president should accept the representations of a foreign adversary over the considered conclusions of his own intelligence services. In all events, the president should demand a plan from his national security team to deter and prevent election attacks.
Second, the Department of Homeland Security and the Election Assistance Commission (EAC) should lead a process to develop election baseline cybersecurity guidelines and help states implement these best practices. For example, most people agree that every electronic voting machine should create a paper record that can be audited, but about a quarter of voters cast their ballots on machines that leave no paper trail. DHS is best positioned to harness government’s cybersecurity expertise, while the EAC, created after the 2000 recount, is experienced at working with state and local election authorities. The process should be collaborative, just as it was when the National Institute of Standards and Technology partnered with the private sector to develop a “framework” of measures and practices widely heralded as the gold standard in industrial cybersecurity. This process should ensure that every state establishes a comprehensive election cybersecurity plan. And Congress should establish a grant program to help states get there.
Third, we must develop a better system for sharing information between state and federal officials. While the U.S. election system is decentralized, the threats against it are not confined to state borders. In the lead-up to 2016, state officials were not adequately discussing election security with one another and the federal government. Even today, a number of officials are reportedly still in the dark about whether Russian hackers penetrated their systems. The federal government should create a “cyber-FEMA” to help detect threats to state and local election systems and then coordinate among Homeland Security, the FBI and the EAC to provide necessary intelligence and assistance.