Security experts praise Senate's election cybersecurity proposal
Las Vegas voters cast their ballots at Shadow Ridge High School on Election Day, 2016. Photo: Ethan Miller/Getty Images
A Senate Intelligence draft report proposing an election cybersecurity strategy is getting good reviews from security experts.
What they are saying: "Wow. That is a very good set of initial findings," said Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology who consulted on voting machine security in three states, via email.
Hall added: "[T]his represents an important and reasonably comprehensive set of non-partisan measures that would reinforce the machinery of democracy, and put other potential foreign influences on notice that we're not a soft target."
"It finally demonstrates that Congress - at least in part - is taking the issue seriously."— Jane Holl Lute, former deputy director of DHS.
What is in the draft: The Senate Intelligence Committee offers a multi-pronged proposal to:
- Reaffirm that states are in charge of elections: States frequently fear that any offer of help from the federal government to help bolster election security is the first step toward nationalizing elections. The lawmakers clearly state this is not for that purpose.
- Clarify to foreign powers there will be consequences to attacks.
- Develop new election systems security guidelines. The proposal puts DHS in charge of developing new, voluntary security guidelines.
- Improve threat intelligence sharing from the intelligence community.
- Provide fiscal resources for the states. That would include grants to hire additional personnel, purchase new equipment and fund audits to ensure voting accuracy.
Yes, but: While the committee is suggesting steps, it is not proposing actual legislation. That, they said during a press conference today, would come out of other committees.
Bottom line: The threat to sharing, Lute said, has to involve more than just the classified intelligence referred. Last week, a general information sharing system, known as an information sharing and analysis center (ISAC), was set up to handle unclassified information sharing. "It's not just about [secure facilities] and security clearances," said Lute.