Senate Panel Hears Election Security Concerns, Eyes Midterms

Matt Masterson is the senior cybersecurity advisor for the Department of Homeland Security. (Photo: Washington Post)

The Senate Rules and Administration Committee met today with state and Federal experts to discuss election security, with all eyes on the upcoming U.S. midterm congressional elections in November.

The wide-ranging hearing covered most election security issues but keyed in on the midterm elections, what role the Federal government should have in shoring up election security, and support for S.2593, the Secure Elections Act. Testifying were Secretaries of State Jim Condos, Vt.; Jay Ashcroft, Mo.; Steve Simon, Minn.; as well as Matt Masterson, senior cybersecurity advisor, Department of Homeland Security (DHS).

With midterm primaries already underway, legislators, state officials, and Masterson stressed the importance of ensuring strong election infrastructure security.

“Recognizing that the 2018 U.S. mid-term elections are a potential target for malicious cyber activity, DHS is committed to robust engagement with state and local election officials, as well as private sector entities, to assist them with defining their risk, and providing them with information and capabilities that enable them to better defend their infrastructure,” he said. “Safeguarding and securing cyberspace is a core homeland security mission.”

Federal Help or Federal Overreach

DHS announced in January 2017 that the nation’s election infrastructure will be designated as a subsector of the existing critical infrastructure sector, a move that received mix reviews from election officials–the vast majority of whom operate on state and local levels.

The move drew significant praise from Simon, who noted that initial concerns about the designation have not been borne out.

“[W]e have benefited from the DHS ‘critical infrastructure’ designation,” Simon said. “After a rocky roll-out, that designation has been a success from our standpoint. It has not been an encroachment on state authority over elections, as some feared. It has not resulted in regulation, as some feared. On the contrary, it has provided us with expertise and resources. DHS has helped us, both in person and remotely, to identify potential vulnerabilities and best practices.”

Condos, who is also the president-elect of the National Association of Secretaries of State (NASS), agreed that the designation has been helpful–though he remains wary of overreach.

“While we remain vigilant about possible Federal overreach, we will work together to ensure that the ‘critical infrastructure;’ designation functions in a positive and effective way,” he said.

While Ashcroft appreciated the increased funding from the Federal government, he voiced the most hesitancies over Federal involvement.

“A little over a decade ago, in the wake of the last period of heightened national interest in the administration of this country’s elections, at hearings just like this, the all-knowing Federal government assured elections experts that all that we needed to do was switch to electronic voting equipment,” he said. “Now, the same all-knowing Federal government is telling election experts to stop using electronic equipment; that paper is the only way to truly verify election results.”

Communication Across State Lines

One thing everyone agreed on was the need for increased communication between states, as well as increased information sharing between DHS and state election officials.

Condos discussed the role of the Election Infrastructure Subsector Government Coordinating Council (EIS-GCC), a DHS initiative to increase the sharing of cyber threat information between Federal and state and local election officials.

“For instance, within the EIS-GCC’s Subsector Specific Plan, there are many short and long-term goals and projects to support election officials, federal partners and stakeholders,” he explained. “These include deploying an online training environment for election officials, identifying resource gaps at the state level, and establishing a digital portal to increase communication between all levels.”

Masterson shared other initiatives that DHS’s National Protection and Programs Directorate (NPPD) is working on.

“NPPD also engages directly with election officials–coordinating requests for assistance, risk mitigation, information sharing, and incident coordination, resources, and services,” he said. “In order to ensure a coordinated approach from the Federal government, NPPD has convened stakeholders from across the federal government through an Election Task Force (ETF). The ETF serves to provide actionable information and offer assistance to assist election officials with strengthening their election infrastructure by reducing and mitigating cyber risk, and increasing resilience of their processes.”

Cyber Threats or Vote Fraud?

In an extended exchange that even got a bit contentious, today’s hearing revealed significant disagreement–largely along political lines–over the severity of cyber threats towards elections.

Ashcroft, a Republican, claimed, “The evidence indicates that voter fraud is an exponentially greater threat than hacking of election equipment,” a stance that drew pushback from committee Democrats including Sens. Dick Durbin, Ill., Amy Klobuchar, Minn., Tom Udall, Ariz., and Catherine Cortez Masto, Nev.

The Democratic senators pushed Ashcroft for independent studies backing up his claims.  He didn’t supply any and instead retold a story of an election in his home state where a local election outcome was changed due to two fraudulent votes.

The senators instead stressed the severity of cyber threats–with Durbin noting that during 2016 hackers were able to access Illinois’ voter rolls, though the hackers didn’t disturb or change any of the information. On the other side of the aisle, committee Chairman Roy Blunt, R-Mo., seemed to agree with Ashcroft, citing anecdotal evidence in his own state of potential voter fraud.

Recent