Second, the Department of Homeland Security and the Election Assistance Commission (EAC) should lead a process to develop election baseline cybersecurity guidelines and help states implement these best practices. For example, most people agree that every electronic voting machine should create a paper record that can be audited, but about a quarter of voters cast their ballots on machines that leave no paper trail. DHS is best positioned to harness government’s cybersecurity expertise, while the EAC, created after the 2000 recount, is experienced at working with state and local election authorities. The process should be collaborative, just as it was when the National Institute of Standards and Technology partnered with the private sector to develop a “framework” of measures and practices widely heralded as the gold standard in industrial cybersecurity. This process should ensure that every state establishes a comprehensive election cybersecurity plan. And Congress should establish a grant program to help states get there.
Third, we must develop a better system for sharing information between state and federal officials. While the U.S. election system is decentralized, the threats against it are not confined to state borders. In the lead-up to 2016, state officials were not adequately discussing election security with one another and the federal government. Even today, a number of officials are reportedly still in the dark about whether Russian hackers penetrated their systems. The federal government should create a “cyber-FEMA” to help detect threats to state and local election systems and then coordinate among Homeland Security, the FBI and the EAC to provide necessary intelligence and assistance.
Join the conversation as a VIP Member