Lawmakers eye cyber help for states

Lawmakers eye cyber help for states
© Getty

Efforts are growing in Congress to give states more federal help on cybersecurity, amid heightened fears about the vulnerability of state data systems.

A flurry of bills introduced this month would compel the federal government to share resources and assistance with state and local governments to fix cyber vulnerabilities and prepare for hacks.

At least one of the bills deals specifically with securing voting systems in the wake of Russia’s cyberattacks on political organizations during the 2016 campaign.

ADVERTISEMENT

That bill, introduced by Democratic Reps. Gerry ConnollyGerald (Gerry) Edward ConnollyHow lawmakers aided the Afghan evacuation Overnight Defense & National Security — Congress begins Afghanistan grilling Connolly rips Wilson over 'you lie' during Blinken hearing MORE (Va.) and Jim Langevin (R.I.), would offer grants to encourage states to use newer  and more secure voting systems. It would also give grants to states for boosting access to the polls.

“In 43 of the 50 states, we’re dealing with outdated voting equipment more than a decade old,” Connolly told The Hill. “We had Russian hacking, and we want to make sure people can feel secure about voting.”

The intelligence community concluded in January that Russian intelligence accessed some state and local electoral boards, as part of a broader cyber and disinformation campaign to undermine the election and damage Democrat Hillary ClintonHillary Diane Rodham ClintonDemocrats worry negative images are defining White House Heller won't say if Biden won election Whitmer trailing GOP challenger by 6 points in Michigan governor race: poll MORE’s candidacy.

While the Department of Homeland Security (DHS) determined that the systems accessed were not involved in tallying votes and that the election was not compromised, the Russian hacking campaign still stoked fears about the potential for foreign interference in future elections and the possibility of cyberattacks on state and critical infrastructure.

In one of its final acts, the Obama administration had designated voting infrastructure as “critical,” bringing federal protections to polling places, databases and other systems in states that ask for the help.

At the time, then-Secretary of Homeland Security Jeh Johnson acknowledged that the move was unpopular among many state and local election officials. He sought to reassure state and local officials that the assistance wasn’t intended to be a “federal takeover” of the election system.

Still, dozens of states requested help from DHS in securing their voting systems ahead of the election, following reports that election databases in Illinois and Arizona had suffered breaches.

Connolly said Monday that the federal government should be cooperating more with state and local governments on cybersecurity, and that he fears the prospects for future election hacking is growing.

“I think it’s only going to get worse given the aging equipment we’re using that is often not very secure,” Connolly said. “[The bill] is designed to appeal to Republicans. Our bill is not a mandatory bill; our bill is an incentive bill. If you do these things, we will provide grants to defray the costs.”

Connolly predicted that his legislation will not garner broad support from Republicans because of the provision aimed at boosting voter participation.

And the focus on Russia could make it hard to draw GOP support, as the White House downplays the effect of their hacks on the election.

But other legislative proposals to increase cooperation between the federal government and state and local officials on cybersecurity are likely to garner more bipartisan support.

Reps. Barbara Comstock (R-Va.) and Derek KilmerDerek Christian KilmerThe tale of the last bipartisan unicorns Head of House Office of Diversity and Inclusion urges more staff diversity House lawmakers roll out bill to invest 0 million in state and local cybersecurity MORE (D-Wash.) along with Sens. Cory GardnerCory GardnerProtecting the outdoors: Three cheers for America's best idea Ex-Sen. Cory Gardner joins lobbying firm Biden administration reverses Trump changes it says 'undermined' conservation program MORE (R-Colo.) and Mark WarnerMark Robert WarnerPanic begins to creep into Democratic talks on Biden agenda Democrats surprised, caught off guard by 'framework' deal Schumer announces Senate-House deal on tax 'framework' for .5T package MORE (D-Va.) earlier this month introduced the State Cyber Resiliency Act, which would set up a federal grant program to give states resources to develop and implement plans to guard against and recover from cyber threats.

Additionally, Sens. Gary Peters (D-Mich.) and David Perdue (R-Ga.) have reintroduced a bill that would boost coordination between DHS and state and local governments.

Their bill would require the department to give assistance and training — when requested — to state, local and tribal governments to prevent and respond to cyber threats.

Boosting its prospects, the Peters-Perdue bill has attracted support from a national group representing county governments.

“As county governments deploy modern technology to provide services to residents, it’s important that we have access to resources and expertise to address data breaches and cyber-attacks,” National Association of Counties executive director Matthew Chase said in a statement backing the legislation.

“Counties and states are also responsible for managing information that must be safeguarded for privacy and personal protection.”

The prospects for those bills this year, however, are uncertain, with lawmakers already facing a tight schedule with ObamaCare repeal and tax reform topping congressional Republicans’ agenda.

But state officials are now banging the drum on getting cyber help.

The National Governors Association held its annual meeting in Washington, D.C., last month, and made cybersecurity a focus of the governors’ talks.

Virginia Gov. Terry McAuliffe (D), the association’s chairman, said that his state alone was targeted by 86 million cyber attacks last year.