[Image via senate.gov]
Senators Amy Klobuchar (DFL-MN) and Lindsey Graham (R-SC) have proposed an amendment (SA656) to the defense authorization bill that would provide states with federal dollars to upgrade their election cybersecurity.
The bill, which borrows in large part from Klobuchar’s HACK Act introduced earlier this year, would require the federal government to establish best practices for cybersecurity and set up “election technology improvement grants” to help states fund improvements to meet those best practices based on a state plan laying out those proposed improvements.
Former Homeland Security Secretary Michael Chertoff praised the amendment yesterday in the Wall Street Journal:
This summer more than 100 experts on election administration, computer science and national security released a plan for Congress to safeguard the vote. The experts include Republicans and Democrats, united in the view that our current patchwork of voting-security measures is insufficient for the emerging threats.
Some in Congress are now finally paying attention. A bipartisan amendment to the National Defense Authorization Act from Sens. Lindsey Graham (R., S.C.) and Amy Klobuchar (D., Minn.) would address the challenge in a way that’s fiscally responsible, respectful of states’ policy-making powers, and proactive in dealing with the most pressing vulnerabilities. It would limit access to election systems to qualified vendors, secure voter registration logs, help ensure proper audits of elections, create more-secure information sharing about threats, and establish proper standards for transparency.
You’d think that an amendment like SA656 – which both addresses the issue of cybersecurity AND makes (scarce) money available to states – would be an easy win, but there is apparently resistance because of concerns of federal intrusion into state and local control over election administration. That’s unfortunate, given that the approach (best practices plus funding) is so modest, given current political realities – so modest, in fact, that security consultant Paul Rosenzweig writes in the LawFare Blog that “it is depressing, indeed, to see that so little is possible.”
You can actually make the case that the federal government is the best place for this kind of effort, given that the U.S. Constitution established a national government in part to “provide for the common defense”. As one person close to the issue told me, “you wouldn’t ask county election officials to go it alone against a foreign adversary on the battlefield – why would you force them to go it alone in cyberspace?”
Here’s hoping that SA656 can make it into the Senate’s version of the defense authorization bill and eventually make it through the House and into law. It’s a very small first step but one states and localities can use to harden their election systems in what appears to be an increasingly hostile cyber-environment.
Stay tuned …