When talk of Russian interference in U.S. elections comes up, much of the focus has been on state-sponsored trolls on Facebook and Twitter — special counsel Robert Mueller recently indicted a number of these actors, and Congress has taken Silicon Valley to task for allowing such accounts to flourish. But there’s another side of Russian meddling in American democracy: attacks on our election systems themselves. We know that Russian hackers in 2016 worked to compromise state voting systems and the companies that provide voting software and machines to states. That could blossom into more concrete attacks this year. As I wrote earlier this week, the worst-case scenario is that on Election Day 2018, votes are altered or fabricated and Americans are disenfranchised.
… In late March, Congress approved a spending bill that allocated nearly $400 million for securing election infrastructure before the 2018 midterms. The Brennan Center for Justice, a left-leaning legal think tank with a focus on voting integrity, said the funds would be useful “to begin deploying paper ballots, post-election audits, and other essential cybersecurity improvements,” but the amount wouldn’t be sufficient to replace all outdated voting machines. A recently released set of recommendations from the Senate Intelligence Committee encouraged states to “rapidly replace outdated and vulnerable voting systems.” And a separate report from the Brennan Center noted that “most states will use computerized voting machines that are at least 10 years old” in the 2018 election. Ideally, election security experts say, voters should use paper ballots rather than electronic voting machines, and all states should statistically audit their election results as a precaution to spot any vote tampering.
But what worries election security watchers most is that the U.S. isn’t being proactive enough in its work against state-sponsored hackers targeting the country’s election systems and political organizations. In February 2018, Adm. Mike Rogers, the head of the National Security Agency and Cyber Command, told the Senate Armed Services Committee that he had not been instructed by President Trump or Defense Secretary James Mattis to go after Russian hackers at their point of origin. “Everything, both as the director of the NSA and what I see on the Cyber Command side, leads me to believe that if we don’t change the dynamic here, this is going to continue, and 2016 won’t be viewed as something isolated,” Rogers said. That might mean that while U.S. intelligence agencies are monitoring Russian cyberactivity or gathering on-the-ground intelligence, they might not be taking offensive actions to prevent further attacks on state election systems.
With seven months to go until millions of Americans turn out to vote, there’s much left to be done.