More than 100 cybersecurity and voting experts are urging the government to make the U.S. voting system more secure.
The experts — which come from various industries, from business and academia to technology non-profits — signed a letter addressed to Congress on Wednesday suggesting how three major objectives need to take place to protect the integrity of the system and restore voter confidence.
The letter comes as Jeanette Manfra, acting deputy undersecretary for cybersecurity and communications at DHS, told the Senate Intelligence Committee hackers targeted election-related systems in 21 states last year.
The letter alleges many jurisdictions are unprepared to handle an increase in cybersecurity risks. To start, the experts believe all jurisdictions should create voter-verified paper ballots and phase out electronic voting machines.
Other suggestions include better security safeguards that can detect attacks and mandated election audits before federal election results are made official. Only two states, Colorado and New Mexico, conduct post-election audits that can detect potential attacks.
The letter also suggests creating software barriers between the internet and election data, such as voter registration and election management systems. The technology that supports voting systems should be up-to-date with the latest patches and software upgrades too, it states.
“These are very stark recommendations,” said Joseph Lorenzo Hall, chief technologist at the Center for Democracy and Technology.
“Election officials don’t realize how much of what they do implicates concepts of security and defense, and they’re also protecting [the system] against the worst hackers out there: nationstate adversaries.”
Hall, who is one of two signatories from the CDT, said the letter has been in the works for almost 10 months — since before the election. Officials have concluded the 2016 presidential election was targeted by Russian hackers.
Although the letter provides a starting point for increased voter security, Hall said there are more solutions to consider. For example, the government could mandate two-factor authentication to require a log-in token beyond a password to access certain platforms including email. It could also require election officials to receive training on how to recognize hacking tactics like phishing.
During the Senate Intelligence Committee hearing in Washington D.C. on Wednesday, Steve Sandvoss — executive director of Illinois State Board of Elections — said security training funded by a federal entity would be beneficial in the future. Illinois was the victim of an ongoing cyberattack against its voting registration database last summer.
Despite the relative simplicity of establishing these safeguards, it will require a significant financial investment from states and counties, and new legislation, to implement them.