Senators press federal election officials on state cybersecurity

Senators press federal election officials on state cybersecurity
© Getty Images

Senators on Wednesday pressed top officials from the U.S. Election Assistance Commission (EAC) about their efforts to boost state cybersecurity election systems, with a focus on whether each state should have a mechanism in place to audit their results.

“Many elections across the nation do not have auditable elections. They are done completely electronically,” Sen. James LankfordJames Paul LankfordOutdated global postal system hurts US manufacturers Tech mobilizes to boost election security State Department unit created to fight foreign election interference still waiting on funding: report MORE (R-Okla.) told the panel of witnesses at a hearing on election security preparedness convened by the Senate Rules and Administration Committee.

Thomas Hicks, the head of the EAC, indicated that states decide whether they want to have auditable elections.

The EAC, established in 2002, is a bipartisan commission tasked with developing guidance to meet requirements like maintaining the national mail voter registration form, “adopting voluntary voting system guidelines, and serving as a national clearinghouse of information on election administration," according to its website.

Sen. Angus KingAngus Stanley KingRestoring our national parks would be a bipartisan win for Congress Restore our parks Renaming Senate office building after McCain sparks GOP backlash MORE (I-Maine) pressed Hicks on whether there should always be a paper backup to determine accurate counts.

"It depends on the state,” Hicks said. "If we can do security with paper, to make sure it is accessible to those who have disabilities, then I would say that is 100 percent right that we should have a paper backup."

Hicks said states are not required to have an auditable ballot trail, despite requirements under the Help America Vote Act (HAVA) that they must abide by in order to receive federal money.

The hearing comes amid heightened security concerns that malicious actors may seek to interfere in the November midterm elections, following the U.S. intelligence community's assessment that Russia meddled in the 2016 presidential election.

Election officials at the state level are responsible for picking cybersecurity protection monitoring services, Hicks said, adding that it falls on states to determine whether a company is reputable.

"We don't give that sort of specific advice," Hicks said. "Individual election officials have to be vigilant in terms of knowing that there are going to be pop-ups out there looking to make a quick buck."