For many, the most important question as the midterms approach isn’t whether the Democrats or Republicans will win control of Congress, but whether the elections themselves will be secure. In 2016, Russian hackers likely targeted election systems in many states and penetrated Illinois’s registration database; this year there is concern that hackers will go after both government and private systems. In March, Congress made $380 million available to states seeking to improve their election systems’ cybersecurity. But state officials and election security experts say this doesn’t even come close to addressing the nation’s electoral cybersecurity needs. So what exactly do states need to do in order to secure their election systems? Although experts largely agree on basic guidelines, there is no one playbook for how to beef up electoral cybersecurity. America’s elections infrastructure is highly decentralized, with every state managing its own system. This is a benefit in some ways, said Jim Condos, Vermont’s secretary of state and a prominent voice in election cybersecurity discussions. It means bad actors can’t just break into one centralized system. But it also means states employ a patchwork of approaches to elections cybersecurity. The contours of threats and their fixes are constantly shifting as well.
The complexity of upgrading America’s electoral cybersecurity makes it difficult for legislators to draft a single overhaul bill. Instead, many of the experts I’ve spoken to agree, the federal government needs to commit itself to an ongoing effort to help states learn about threats and develop their security through regular institutional and financial support.
… All of the experts I spoke to for this piece were optimistic that such an agreement could be reached in the near future. Until 2016, they noted, most of Congress saw elections as a state issue, and their 2002 funding as a one-time deal. States, meanwhile, were largely leery of federal involvement in their election systems through funding offers. However, states have warmed to federal cooperation to varying degrees over the past couple years, and Congress has started to take elections cybersecurity seriously as a federal-level national security concern.
But we definitely won’t see that understanding and funding before the 2018 elections. And whether we see funding of any sort will depend on the experience and outcome of that election. So voters will just have to cross their fingers for November and hope that legislators and state officials pick this issue back up come January 2019. The 2020 elections are closer than you think.