Cybersecurity & Tech Democracy & Elections

Protecting Electoral Infrastructure–Klobuchar/Graham and the NDAA

Paul Rosenzweig
Tuesday, September 5, 2017, 10:46 AM

Our electoral infrastructure consists of two distinct pieces (or so it seems to me): a broader public context in which elections occur and a narrower system of election management. To date, almost everything we know about Russian electoral interference has dealt with the larger broader contextfake news, Russian troll factories, the hack of the DNC and other efforts to spread disinformation.

Published by The Lawfare Institute
in Cooperation With
Brookings

Our electoral infrastructure consists of two distinct pieces (or so it seems to me): a broader public context in which elections occur and a narrower system of election management. To date, almost everything we know about Russian electoral interference has dealt with the larger broader contextfake news, Russian troll factories, the hack of the DNC and other efforts to spread disinformation. As the New York Times reported over the weekend, there are virtually no forensics that have been done to assess whether or not any effort was made to actually manipulate electoral datavoter databases, registrations, and actual votes. Though there have been some indications of such efforts, to date there has been only limited evidence. Before the last election, concern was sufficiently great that DHS moved to designate the electoral system as critical infrastructurea move that was harshly condemned by pro-Trump Republican supporters. And so, at this juncture (with the 2018 elections just over a year away) it is fair to say that almost nothing has been done to enhance the cybersecurity of the actual electoral process.

Along come Senators Klobuchar and Graham, who have proposed an amendment (SA 656) to this years NDAA. [The amendments are printed in the Congressional Record and SA656 can be seen at pages S4574-77 of the July 27 edition.] The amendment is modest in its terms (no doubt because securing bipartisan agreement on any aggressive electoral reforms would be nigh on impossible). In summary, it does the following:

  • Tasks DHS and the Electoral Assistance Commission with developing a set of "best practices" for the cybersecurity of the electoral infrastructure; and
  • Authorizes Election Technology Improvement grants to the States to be used to address identified risks and vulnerabilities and to purchase new and/or upgrade older election system hardware.

While it is hard (indeed almost impossible) to object to any of the purposes behind the Klobuchar/Graham proposal, it is depressing, indeed, to see that so little is possible. A set of best practices and a promise to throw money at the problem is the barest of starts on a difficult problem. And, one suspects, in these times of fiscal restraint, even the promise of money may not be realistic.


Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company and a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, a Senior Fellow in the Tech, Law & Security program at American University, and a Board Member of the Journal of National Security Law and Policy.

Subscribe to Lawfare