Bipartisan House committee members agree on cyber threats to elections, if not how to address it

Bipartisan House committee members agree on cyber threats to elections, if not how to address it
© Getty

Members of two House Science subcommittees drilled experts about the security of voting machines during a hearing Tuesday afternoon, putting the spotlight on election security as congressional Democrats continue to push for action on the issue. 

House members were given the chance to discuss the vulnerabilities of voting systems during a hearing held by the House Science subcommittees on investigations and oversight and on research and technology. While there was disagreement over specific Democrat-backed election security bills, subcommittee members seemed to come together over the need to address cybersecurity risks to voting machines.

ADVERTISEMENT

“When it comes to cybersecurity, the threat is constantly changing,” investigations subcommittee Chairwoman Mikie SherrillRebecca (Mikie) Michelle SherrillRepublicans plot comeback in New Jersey Assault weapons ban picks up steam in Congress Democratic veteran lawmakers call for return of assault weapons ban MORE (D-N.J.) said. “It is our responsibility in Congress to help states arm themselves with advanced, adaptive strategies to prevent, detect, and recover from intrusions.”

Investigations subcommittee Ranking Member Ralph NormanRalph Warren NormanConservatives call on Pelosi to cancel August recess Conservatives ask Barr to lay out Trump's rationale for census question Hillicon Valley: White House to host social media summit amid Trump attacks | Pelosi says Congress to get election security briefing in July | Senate GOP blocks election security bill | Pro-Trump forum 'quarantined' by Reddit | Democrats press Zuckerberg MORE (R-S.C.) said that the security of election systems is of “great importance,” while research and technology subcommittee Chairwoman Haley StevensHaley Maria StevensPro-Trump Republican immigrant to challenge Dem lawmaker who flipped Michigan seat House Dems, Senate GOP build money edge to protect majorities Hillicon Valley: White House to host social media summit amid Trump attacks | Pelosi says Congress to get election security briefing in July | Senate GOP blocks election security bill | Pro-Trump forum 'quarantined' by Reddit | Democrats press Zuckerberg MORE (D-Mich.) said that “security must be a priority at every step of our cherished democratic process.”

Research and technology subcommittee Ranking Member Jim BairdJames BairdHillicon Valley: White House to host social media summit amid Trump attacks | Pelosi says Congress to get election security briefing in July | Senate GOP blocks election security bill | Pro-Trump forum 'quarantined' by Reddit | Democrats press Zuckerberg Bipartisan House committee members agree on cyber threats to elections, if not how to address it 3 combat veterans unite on first day of new Congress: '5 eyes. 5 arms. 4 legs. All American.' MORE (R-Ind.) referred to Russian interference in 2016, specifically its targeting of 21 states’ voting systems, in noting “there is no doubt there is a need for improved security of our elections.”

However, this bipartisan spirit broke down somewhat during times that members discussed the Securing America’s Federal Elections (SAFE) Act, which the House is scheduled to vote on this week. The bill was approved along party lines by the House Administration Committee last week and fast tracked to the House floor for a vote. It would authorize millions in funding for states to address election security issues, and establish cybersecurity standards for voting machines. 

Norman described the Democrat-backed SAFE Act on Tuesday as being sent to the floor “in order to satisfy far-left progressives with yet another messaging bill that thankfully has no chance of ever being considered by the Senate.”

Senate Majority Leader Mitch McConnellAddison (Mitch) Mitchell McConnellMcConnell rejects Democrats' 'radical movement' to abolish filibuster Hickenlooper announces Senate bid Trump orders elimination of student loan debt for thousands of disabled veterans MORE (R-Ky.) has consistently refused to allow a vote on a variety of Democrat-backed election security measures in recent weeks, despite constant Democratic pressure on him to move forward on this issue.

Rep. Michael WaltzMichael WaltzSenators introduce legislation to boost cyber defense training in high school Overnight Defense: House votes to block Trump arms sales to Saudis, setting up likely veto | US officially kicks Turkey out of F-35 program | Pentagon sending 2,100 more troops to border Florida lawmakers push DHS to notify voters, other officials of election system breaches MORE (R-) added that “I would have hoped we could have worked toward some bipartisan solutions” prior to the SAFE Act being voted on by the House. He noted that he and Rep. Stephanie MurphyStephanie MurphyLawmakers urge DNC to name Asian American debate moderator Democratic leaders seek to have it both ways on impeachment Senate committee advances 'deepfakes' legislation MORE (D-Fla.) are working to put together legislation creating an “alerts framework” that would ensure that election officials and congressional members are notified if election infrastructure is targeted by a foreign government.

Despite pushback on this legislation, witnesses at the hearing, who included individuals from academia, government agencies, and state election groups, were united in the need to secure systems against cyber attacks.

One way this being done is by federal agencies themselves. 

Charles Romine, the director of the information technology laboratory at the Commerce Department’s National Institute of Standards and Technology (NIST), announced that NIST plans to issue an “election profile” of its framework of cybersecurity standards, widely voluntarily used by organizations across various sectors to ensure security.

Romine described this profile as being a “one-stop cybersecurity playbook” that can be used by state and local election officials to prioritize areas of elections where cybersecurity could be improved.

In addition to the election profile, NIST has been working with the Election Assistance Commission to put together version 2.0 of the Voluntary Voting System Guidelines (VVSG). These guidelines are a set of requirements against which voting machines can be tested to ensure they meet basic security, functionality, and accessibility.

John Benaloh, the senior cryptographer for research at Microsoft, testified that Microsoft supports the ability for the VVSG 2.0 to support the auditability of elections, and he hoped they would lead to “more current” and updated technology being used.

Benaloh also argued that Congress should create incentives for states to update election infrastructure to secure voting machines, noting that “this would greatly help us in moving forward towards a more secure ecosystem.”