[Image via eac]
U.S. Election Assistance Commission Chair Matt Masterson has a new op-ed in The Hill newspaper on the threats to America’s election system – and it makes tremendous sense on the need for cooperation at every level of government to meet those threats:
“Russia’s 2016 Presidential election influence effort was its boldest to date in the United States. Moscow employed a multi-faceted approach intended to undermine confidence in our democratic process.”
That’s what Federal Bureau of Investigation (FBI) Assistant Director Bill Priestap of the Counterintelligence Division told the Senate Intelligence Committee this week. His testimony came amid a series of news stories purporting to detail the scope and extent of state-actor attempts to interfere with the administration of the 2016 election.
While much of the information in these reports is not necessarily new, revelations of previously nondisclosed details has made clear that while there is no evidence votes were changed there remains a need to improve the timeliness and depth of information sharing between the national security community and our nation’s election officials in order to better secure the systems that run our elections.
Priestap’s testimony and similar warnings issued by national security experts are a clarion call for all of us – those in the election and national security communities – to better align our extensive efforts to monitor and thwart persistent and real threats to the nation’s election system.
We are in a new operating environment, and we in the election community must acknowledge that. Then we must come together with national security experts to deploy tactics that demonstrate sophistication and purpose that is superior to those who seek to undermine voter confidence by attempting to attack the foundation of democracy – our vote. This is a matter of national security.
Coordinated efforts are the most effective way to protect elections. Ahead of the 2016 Federal Election, election administrators actively worked with state and local law enforcement, independent cybersecurity experts, and federal agencies such as the Election Assistance Commission (EAC), FBI and Department of Homeland Security (DHS) to identify and address threats as they emerged.
Through regular security alerts, conference calls, direct assistance, and other resources such as system security checklists and best practices documents, state and local election officials had a direct line to the resources and actionable intelligence information they needed to secure their systems.
This kind of coordinated approach in 2016 paid off in the face of serious threats. States, localities and election vendors were targeted by sophisticated nation state actors who attempted to scan, probe and access their systems. In two cases, voter registration systems were actually accessed. While there is no information to show that voter data or votes were changed, this should serve as a wake-up call to all of us as to the severity of the threats. Heading into the 2018 mid-term election, we should heed the lessons we learned in 2016 and work to strengthen efforts to address existing threats and those that are still evolving.
The EAC is proud to remain a federal partner in this coordinated effort. We recognize that the strength of the election process lies in the decentralized state and locally run nature of elections. This model has proven its resilience time and time again. But it can only be successful if the individuals leading elections, everyone from a local election administrator to a Secretary of State, has timely access to the most thorough and clear information available. They cannot successfully operate in a vacuum or wait to receive valuable information. Election-speed is a real phenomenon. Elections have hard deadlines and the work to make them successful is a constant, ongoing effort for state and local administrators who are always up against the clock.
I urge my federal colleagues to answer the call to improve the way we work with state and local election administrators. We need to provide broad and timely information and share actionable intelligence with those on the front lines of operating election systems. They must be among the first to know when a threat is on the horizon so that they can fully appreciate the environment in which elections are taking place and focus their time and resources on better securing election systems.
All of us together must commit to finding better ways to share information so that we can make a united push forward toward a more secure, accessible, accurate and auditable process. Our democracy demands it of us.
From the EAC’s perspective, we look forward to taking steps that can help serve the sometimes competing needs of the national security community and state and local election officials. We will engage the best and brightest in elections, cyber-security and technology to produce meaningful guidance on better securing the process.
We will leverage cyber-security resources made available to us to share best practices, tools and resources with election officials to improve the baseline security of election systems. We will also reassess the risk environment for election systems and work with election administrators, election system vendors, the National Institute of Standards and Technology, DHS and the FBI to provide current and actionable steps election officials can take to mitigate those risks. As we work to finalize the next version of standards to test voting systems, we will continue to engage the cybersecurity community, as well as experts in accessibility, usability and election administration to ensure voting systems are tested and certified to the highest standards possible without undercutting each American’s ability to cast their ballot privately and independently.
The diligent efforts of those involved in administering the 2016 election maintained the integrity of that election, but the next time that may not be enough. We need less finger pointing and more candid and open conversations between election administrators, federal agencies, private industry, and cyber and national security experts. Elections are more secure when we fully coordinate efforts to address existing threats, share cutting-edge strategies to address them, improve information sharing, and help jurisdictions best protect systems when budgets are tight. Failure to do so will put us at a serious disadvantage against those who seek to disrupt the core of our democracy.
The challenges our election officials face are real, and we will not be able to overcome those challenges without the willingness to share information and invest sufficient resources – financial, human and technological – to detect, resist and repel outside efforts to interfere with the nation’s voting system. Here’s hoping policymakers in Washington and across the nation can heed Chair Masterson’s wise words and help the election community get on the same page when it comes to election security.