Senators release new election cybersecurity bill

Senators release new election cybersecurity bill

Sens. Martin HeinrichMartin Trevor HeinrichCNN congressional correspondent talks about her early love of trolls and family Overnight Energy: DNC to reject fossil fuel donations | Regulators see no security risk in coal plant closures | Senate committee rejects Trump EPA, Interior budgets Energy commission sees no national security risk from coal plant closures MORE (D-N.M.) and Susan CollinsSusan Margaret CollinsThe Hill's Morning Report — Russia furor grips Washington Overnight Health Care: Novartis pulls back on drug price hikes | House Dems launch Medicare for All caucus | Trump officials pushing ahead on Medicaid work requirements Senate panel to vote next week on banning 'gag clauses' in pharmacy contracts MORE (R-Maine) introduced a multifaceted election cybersecurity bill Tuesday, including a bug bounty program for systems manufacturers and a grant program for states to upgrade technology. 

"While the Intelligence Committee’s investigation is still ongoing, one thing is clear: The Russians were very active in trying to influence the 2016 election and will continue their efforts to undermine public confidence in democracies," said Collins in a statement celebrating the bill.

"The fact that the Russians probed the election-related systems of 21 states is truly disturbing, and it must serve as a call to action to assist states in hardening their defenses against foreign adversaries that seek to compromise the integrity of our election process."

On a federal level, the Securing America's Voting Equipment (SAVE) Act would codify former Department of Homeland Security Secretary Jeh Johnson's declaration that elections are critical infrastructure. That would create a wealth of new, optional resources for states to use to harden election systems. 

It would ensure that states had officials with a security clearance to obtain classified threat intelligence from the director of national intelligence and authorize the director to share that intelligence. 

The bill would also provide direct assistance to the states through a grant program to upgrade election infrastructure that has been demonstrated to be unsecure.

SAVE would also establish a reward program in partnership with election system vendors known as a bug bounty program, to incentivize private researchers to root out security flaws in those systems. This could be useful, as hackers found mechanisms to breach every voting machine brought for testing at the DEF CON security conference this year. The conference lasted under a week. 

Election infrastructure is broader than merely voting machines. That infrastructure also includes electronic poll books and servers housing voter rolls. 

While there is no evidence that voting machines used in the 2016 election were hacked by any power, foreign or domestic, the intelligence community believes voter rolls and other state systems were targeted by Russia. 

States have often shunned federal assistance with elections, citing fears that it is the first step towards nationalizing what is constitutionally a state responsibility.