Protecting Electoral Infrastructure–Klobuchar/Graham and the NDAA
Our electoral infrastructure consists of two distinct pieces (or so it seems to me): a broader public context in which elections occur and a narrower system of election management. To date, almost everything we know about Russian electoral interference has dealt with the larger broader context—fake news, Russian troll factories, the hack of the DNC and other efforts to spread disinformation.
Published by The Lawfare Institute
in Cooperation With
Our electoral infrastructure consists of two distinct pieces (or so it seems to me): a broader public context in which elections occur and a narrower system of election management. To date, almost everything we know about Russian electoral interference has dealt with the larger broader context—fake news, Russian troll factories, the hack of the DNC and other efforts to spread disinformation. As the New York Times reported over the weekend, there are virtually no forensics that have been done to assess whether or not any effort was made to actually manipulate electoral data—voter databases, registrations, and actual votes. Though there have been some indications of such efforts, to date there has been only limited evidence. Before the last election, concern was sufficiently great that DHS moved to designate the electoral system as critical infrastructure—a move that was harshly condemned by pro-Trump Republican supporters. And so, at this juncture (with the 2018 elections just over a year away) it is fair to say that almost nothing has been done to enhance the cybersecurity of the actual electoral process.
Along come Senators Klobuchar and Graham, who have proposed an amendment (SA 656) to this years NDAA. [The amendments are printed in the Congressional Record and SA656 can be seen at pages S4574-77 of the July 27 edition.] The amendment is modest in its terms (no doubt because securing bipartisan agreement on any aggressive electoral reforms would be nigh on impossible). In summary, it does the following:
- Tasks DHS and the Electoral Assistance Commission with developing a set of "best practices" for the cybersecurity of the electoral infrastructure; and
- Authorizes Election Technology Improvement grants to the States to be used to address identified risks and vulnerabilities and to purchase new and/or upgrade older election system hardware.
While it is hard (indeed almost impossible) to object to any of the purposes behind the Klobuchar/Graham proposal, it is depressing, indeed, to see that so little is possible. A set of best practices and a promise to throw money at the problem is the barest of starts on a difficult problem. And, one suspects, in these times of fiscal restraint, even the promise of money may not be realistic.