Considered opinionThe time to hack-proof the 2018 election is expiring — and Congress is way behind

By Martin Matishak

Lawmakers are scrambling to push something — anything — through Congress which would help secure the U.S. voting systems ahead of the 2018 elections.

It might, however, already be too late for some critical targets. By this point during the 2016 election cycle, Russian government hackers had already breached the Democratic National Committee’s networks for at least three months.

Martin Matishak writes in Politico that members of both parties insist they can get something done before Election Day 2018, but concede that the window is rapidly closing. Voters in Texas and Illinois will take to the polls in the country’s first primaries in just over three months — a narrow time frame for implementing software patches, let alone finding the funds to overhaul creaky IT systems, swap out aging voting machines, or implement state-of-the-art digital audits.

“Not a lot of time, no question,” Senate Intelligence Chairman Richard Burr (R-North Carolina), who is leading an investigation of Russia’s election-year meddling, told POLITICO.

Matishak continues:

Cybersecurity experts have long warned that America’s election system is a sitting duck for hackers looking to cause chaos. Voter rolls have regularly been stored on inadequately protected systems, and the country has for years relied on outdated electronic voting machines. At the state and local level, governments can lack the funds to hire elite cyber professionals or properly train staff.

And campaigns themselves are often harried and slapdash, with little thought given to digital security.

The 2016 election vaulted these realities into the public spotlight. The U.S. government accused Russian President Vladimir Putin of deploying his hackers in an orchestrated scheme to infiltrate political parties, campaigns and state election networks. The effort was wildly successful, pilfering and selectively leaking internal files from the Democratic Party and Hillary Clinton’s campaign, spurring intra-party bickering and generating weeks of splashy headlines based on the exposed personal emails.

And U.S. intelligence leaders have warned that Moscow will be back, leveraging the lessons of 2016 to try and destabilize future elections. Already, officials and researchers have accused the Kremlin of using similar tactics in subsequent elections around Europe.

Yet Capitol Hill has not passed any legislation that specifically addresses the issue.

….

Perhaps the most high-profile policy recommendations will arrive sometime early next year when Burr’s Senate Intelligence Committee releases the findings of its months-long examination of Russia’s digital meddling efforts. Burr and panel ranking member Sen. Mark Warner (D-Va.) have vowed their final report will include suggestions for how to ensure the Kremlin can’t repeat its 2016 success in future elections.

But it’s unclear if lawmakers will swiftly act on the committee’s advice — or if it would even help at that point.

“It’s high-time we got started, and it will be too late soon if there isn’t action,” said J. Alex Halderman, a University of Michigan computer scientist and a leading expert on digitally securing elections.

Halderman said it’s probably already too late for the midterms to make many hardware upgrades to voting equipment — such as replacing paperless, touch-screen machines with ones that produce a paper trail — and that there’s only a window of about six to nine months to make the switch in time for 2020, due to the winding procurement process involved.

….

Halderman noted that, “in terms of a coordinating, national effort to really address the cybersecurity threats to elections head-on, we don’t yet have that strategy in place and we need to get it going urgently — within the next very small number of months — if it’s going to help 2018 in a significant way.”

Read the full article: Martin Matishak, “The time to hack-proof the 2018 election is expiring — and Congress is way behind,” Politico (26 November 2017)