It does not have to be this way. Congress could create voting security standards for the election of its members and of the president. It has not done so, leaving it instead to the states to protect the integrity of the democratic process.
Minimal election security standards could be simply stated: 1) No vote recording machine shall be connected electronically to any network — including but not limited to local area networks (LANs), Wi-Fi, the internet and virtual private networks (VPNs). 2) Every voting machine must create a paper copy of each vote recorded, and those paper copies must be kept secured for at least a year. 3) A verification audit by sampling shall be conducted within 90 days on a statistically significant level by professional auditors to compare the paper ballots of record with the results recorded and reported.
There are other things that would be nice to have to provide additional levels of assurance. One of the best ideas is that the software used to run voting machines be restricted to open source applications, whose code could be publicly examined. Another proposal that makes sense is that voting machines be required to run a certified malware detection software application before, during and after the voting process.