Government Cyber Focus: Planning for 2020 Election Security

The 2020 election security topic has risen to become the top cybersecurity agenda item for federal, state and local governments. Here’s a round-up of new bills, reports and more on securing the voting process.

by / June 9, 2019

Election security has become a hot topic. From the Mueller report to newly proposed federal legislation to National Governors Association policy academies to other state-by-state cybersecurity actions, the complex topic of "securing our vote" is getting more attention than ever before.

Despite headline-grabbing ransomware attacks against major cities, domestic finger-pointing at three-letter-agencies for leaked offensive hacking tools, and a relentless barrage of other new cyberthreats hitting the public and private sectors, the big national security focus in June 2019 is how to ensure that the 2020 elections are not a repeat of 2016 regarding foreign interference (or, worse yet, hacking) in our democratic voting processes.        

No doubt, the topic is not new. Here are just a few of my election security related blogs over the past 18 months on this topic:

Nevertheless, several national experts recently said that election security issues encompass up to 70 percent of cybersecurity-related conversations in Washington, D.C., among political and nonpolitical leaders right now.

Why?

Here are a few recent articles that point to this hyper-focus on election security at the moment:

TheHill.com: Mueller remarks put renewed focus on election security bills — “Legislation aimed at securing U.S. elections got an unexpected shot in the arm this week when Robert Mueller devoted a fair share of his first remarks on the Russia probe to the threat posed by foreign actors seeking to undermine democracy at the ballot box.

Election security bills have been languishing in Congress for months, due in large part to Republicans who do not want to shine a light on Russia's actions and risk the fury of President Trump. …”

NY Times: New Election Security Bills Face a One-Man Roadblock: Mitch McConnell — “A raft of legislation intended to better secure United States election systems after what the special counsel, Robert S. Mueller III, called a “sweeping and systematic” Russian attack in 2016 is running into a one-man roadblock in the form of the Senate majority leader, Mitch McConnell of Kentucky. …

The bills include a Democratic measure that would send more than $1 billion to state and local governments to tighten election security, but would also demand a national strategy to protect American democratic institutions against cyberattacks and require that states spend federal funds only on federally certified “election infrastructure vendors. …”

Government Technology magazine: Six States Tapped by NGA for Election Security Policy Academy — “Six states will have tougher cybersecurity measures in place when the 2020 election begins to heat up.

The National Governors Association (NGA) selected Arizona, Hawaii, Idaho, Minnesota, Nevada and Virginia to participate in the NGA Policy Academy on Election Cybersecurity after a "highly competitive" application process, according to a release.

Election officials, staff from the six governors’ offices and personnel from executive branch agencies will work together to develop response plans for cyberattacks on election infrastructure. The academy is meant to foster idea-sharing, open communication and cooperation between the entities involved.

Wired magazine: Election Security Is Still Hurting at Every Level — “The Russian meddling that rocked the 2016 US presidential election gave the public a full view of something officials and advocates have warned about for years: weak voting infrastructure and election systems around the US, and a lack of political will and funding to strengthen them. Two and a half years later, real progress has been made in key areas. But with a new presidential election less than 18 months away, glaring systemic risks remain. …”

NACO.org: EI-ISAC protects the nation’s voting infrastructure — “In March, the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) opened for business to provide an elections-focused cyber defense suite to the nation’s election offices and the partners that support them. …

As a federally funded organization, the EI-ISAC provides:

  • 24x7x365 security operations center
  • incident response and remediation
  • threat and vulnerability monitoring
  • election-specific threat intelligence
  • training sessions and webinars, with discounts on training and other products
  • security best practice recommendations and tools”

Stanford.edu: Ahead of the 2020 election, Stanford experts urge a concerted, national response to confront foreign interference — “Scholars from Stanford University put forward a comprehensive strategy for what needs to be done to protect the integrity and independence of U.S. elections, with a keen focus on the upcoming presidential campaign in 2020.

The “Securing American Elections” report is composed of eight chapters that identify ongoing issues and recommendations that add up to more than 45 actionable measures.

The report draws on findings that emerged from Special Counsel Robert Mueller’s investigation into Russian government efforts to influence the 2016 presidential election, as well as other independent research about vulnerabilities in the American election system. Securing American Elections: Prescriptions for Enhancing the Integrity and Independence of the 2020 U.S. Presidential Election and Beyond offers over 45 specific policy recommendations to help the nation’s lawmakers and technology sector leaders deter potential threats from foreign and domestic actors seeking to illegally disrupt the American electoral process.”

My Closing Thoughts

Watch this space, because there will be plenty more pieces on election security prior to the November 2020 presidential election.   

While new legislation may be stalled, there is bipartisan agreement (at federal, state and local levels) that more needs to be done to protect our 2020 elections. No doubt, there is disagreement on exactly what actions need to be taken.

The stakes have never been higher, and despite the political overtones of many of the legislative efforts, both sides are going the extra mile to highlight security concerns with voting practices. I expect another push on election security over the next year, as the effort gets headline names like “protecting our democracy.”

But while I applaud these national election cybersecurity efforts, many other important cybersecurity priorities will be (sadly) overshadowed, underfunded or largely ignored by governments.