New election cybersecurity funding likely to be only a stopgap

The funds help states accomplish three goals:

1. Pay for replacing unreliable paperless voting systems. While new systems provide paper trails, however, they rely on the same vulnerable hardware design.
2. Design trustworthy, transparent processes for ballot audits. Audits can detect anomalies, but only if they adopt proven practices statewide.
3. Fund election organizations to undergo post-election audit training, a process that will take years to implement. Anomaly detection is valuable, but doesn't impede adversaries from using stolen information to discredit an election.

The other side: This funding could also help states' election organizations pay for cybersecurity services, but likely for one-time events, such as basic training for non-technical staff (e.g., defending against phishing) or contracting cybersecurity professionals.

While professional IT services and training would mitigate some of the risk, none of these solutions will address U.S. election technology's fundamental vulnerability. And after 2018, election organizations will remain just as under-resourced to defend against adversaries as they were before.

The bottom line: In order to protect our democracy, the nation must start an intellectually honest discussion about how to design, develop and deliver a new election technology infrastructure.

John Sebes is a co-founder of the OSET Institute and CTO of its TrustTheVote Project. William Crowell is a former deputy director of the National Security Agency and a partner at Alsop Louie Partners.