The Senate Intelligence Committee released its recommendations to stop hackers from tampering with future elections on Tuesday.
The committee held a press conference after releasing its recommendations (pdf), pointing out six key steps that state and local election officials should follow to protect their voting machines and databases. The recommendations come as lawmakers have increasing concern about the US’s election infrastructure, pointing out attempted cyberattacks in the past.
“It is clear the Russian government was looking for vulnerabilities in our election system, and highlighted some of the key gaps,” Sen. Richard Burr (R-NC), the committee chairman, said at the press conference. “Russia was trying to undermine the confidence of our election system.”
Senators are hosting an open hearing on Wednesday to discuss the issue further, with representatives from the Department of Homeland Security and the Election Assistance Commission expected to testify.
Election security has been a major concern for the US’s critical infrastructure since the DHS announced that Russian hackers made several attempts to break into the nation’s electoral system.
Russian meddling was prevalent throughout the 2016 presidential election, but whether it’s through propaganda campaigns on social media or phishing attacks on the Democratic National Committee. Attempted attacks on voting machines and election infrastructure strike a different nerve because it would mean hackers would be able to alter the votes directly. The DHS noted that vote counts were not affected in the attempted attacks on 21 states.
“We were all disappointed that states, federal government, and the DHS was not more on their game in advance of the 2016 presidential election,” Sen. Mark Warner (D-Va.), the committee’s vice chair, said.
Here’s how the six recommendations break down:
Reinforce States’ Primacy in Running Elections
States need to be the officials in charge when it comes to running elections. The federal government should make sure that all states are getting the resources the states need for security, according to the document.
“The federal government should partner with the state to truly secure its systems,” Sen. Burr said. Senators said the federal government needed to do more to support state election officials, including with funding and security resources.
Create Effective Deterrence
The US government needs to properly respond to any attempted attack on the US’s election system. The federal government needs to work with the US’s allies and establish “new international cyber norms.” The committee pointed to attempted cyberattacks on elections in France and Germany as an example of how the international community could work together.
The recommendation calls for US officials to recognize attempted attacks on election infrastructure as a “hostile act” and respond accordingly. The senators said the attempted attacks on 21 states during 2016 were a hostile act.
Improve Information Sharing
The intelligence community needs to put a high priority on attributing cyberattacks. The DHS needs to make sure both the federal government and local, state governments can share information on attacks with each other efficiently, and build a proper response.
Secure Election-Related Systems
Election officials should take basic security steps “like two-factor authentication” for logging into voter databases. States should also work with the DHS to create guidelines on best cybersecurity practices. It means making sure election officials are trained to not click on suspicious emails, and have risk management plans if they are hit with malware.
Secure the Vote Itself
States need to quickly replace their outdated voting systems. All machines should have a paper trail, and should not be connected to Wi-Fi.
“There were still 40 states that were operating with election equipment that was more than a decade old,” Sen. Warner said. “Much of that equipment had outdated software that you weren’t even able to upgrade even if you chose to.”
The recommendations stressed a need for a paper trail for votes, and not relying only on electronic votes, to prevent future tampering.
“Look at where we are, in the year of our lord 2018, we’re talking about paper ballots. But that actually might be one of the smartest systems,” Sen. Kamala Harris (D-Calif.) said. “Russia cannot hack a piece of paper like they can a computer connected to the internet.”
The California senator also pointed out that voting machines connected online have more potential for cyberattacks.
Assistance for the States
The federal government needs to provide funding for states to upgrade their systems and improve their cybersecurity practices. Election officials should hire information technology staff and buy new voting machines.
“We realize all of this security costs money. We want to make sure the federal government not only says we’re a partner, but we are a partner,” Burr said.
Updated at 10:06 a.m. PT: To include details from the press conference.