Top Democrat demands answers on election equipment vulnerabilities

Top Democrat demands answers on election equipment vulnerabilities
© Greg Nash

Sen. Ron WydenRonald (Ron) Lee WydenWyden blasts FEC Republicans for blocking probe into NRA over possible Russia donations Wyden calls for end to political ad targeting on Facebook, Google Ex-CIA chief worries campaigns falling short on cybersecurity MORE (D-Ore.) is demanding answers from the Election Assistance Commission (EAC) as to how the federal agency plans to secure election equipment amid reports that most machines depend on software that will soon be out-of-date and vulnerable to cyber attacks.

In a letter dated July 12 that was released on Monday, Wyden asked EAC Chairwoman Christy McCormick how the agency plans to address this “looming cybersecurity crisis.”

ADVERTISEMENT

“Intelligence officials have made it clear that Russian hackers targeted our elections in 2016, and that they expect similar threats in 2020,” Wyden wrote. “The continued use of out-of-date software on voting machines and the computers used to administer elections lays out the red carpet for foreign hackers. This is unacceptable.”

The Associated Press recently reported that the majority of U.S. counties use election management systems that run on Windows 7, an outdated operating system that Microsoft will stop updating in January. The systems are responsible for programming voting machines and tallying votes.

Wyden focused his questions on whether products created by Election Systems and Software (ES&S), one of the major U.S. voting equipment manufacturers, would be decertified by the EAC prior to the 2020 elections. According to EAC documentation, the equipment uses Windows 7.

Wyden gave McCormick a July 26 deadline to respond to his questions.

The Oregon senator has been a leading voice on the topic of election security, introducing the Protecting American Votes and Elections Act with 14 Senate Democratic co-sponsors in May. The bill would give the Department of Homeland Security the authority to set mandatory cybersecurity requirements for every aspect of the election system.

There are no nationwide mandatory cybersecurity standards for elections.

The bill has been referred to the Senate Rules Committee, where it is unlikely to see action due to Committee Chairman Roy BluntRoy Dean BluntEx-CIA chief worries campaigns falling short on cybersecurity GOP group targets McConnell over election security bills in new ad Budget deal sparks scramble to prevent shutdown MORE’s (R-Mo.) opposition to marking up any election security legislation.

“New federal election laws would not be the right thing to do, so I assume we’d have no legislation like that come through the Rules Committee,” Blunt told The Hill last week following a classified Senate election security briefing.