Cybersecurity

The Year Ahead: Pressure mounts on election security as 2020 approaches

Pressure is already mounting on Congress to secure the 2020 presidential race from foreign cyberattacks or interference just weeks after the midterm elections.

Lawmakers expressed frustration at failing to pass a bill during the current session, but are vowing to resume their work in January.

“Yeah, it’s next Congress,” Sen. James Lankford (R-Okla.) told The Hill last week. Lankford and Sen. Amy Klobuchar (D-Minn.) in 2017 introduced the bipartisan Secure Elections Act, seen as the best shot of passing legislation before the midterms.

{mosads}

“[Klobuchar] and I are not going to drop it, we’re going to keep working it through, but it’s not going to be the next two weeks,” Lankford vowed.

Lawmakers, though, will take up their work with less time to bridge differences and before the 2020 cycle moves to full swing. And there may be new questions for lawmakers to address.

Congress had high hopes of passing election security legislation after the intelligence community concluded in January 2017 that Russia had interfered in the presidential election. But those hopes were dashed when a GOP-led committee held up the Lankford-Klobuchar bill earlier this year, a decision some Democrats blamed on the White House.

The House version of the legislation will also suffer a blow come January, as two Republicans in the bipartisan group of four behind the bill — Reps. Tom Rooney (Fla.) and Trey Gowdy (S.C.) — retire.

There has been widespread frustration, with some Democrats lashing out at President Trump.

Sen. Mark Warner (D-Va.), the vice chairman of the Senate Intelligence Committee, which is investigating Russia’s election interference, said at an event at the Center for a New American Security on Friday that the White House was responsible for blocking the bill.

“In a normal administration, in a normal world, after we had a foreign nation attack our basic election system the way the Russians did … the only entity that could really bring about increased election security would be presidential or White House leadership,” Warner said.

“That didn’t happen,” he added.

Supporters insist they are ready to try again, this time with a House under Democratic control and with Republicans dealing with the National Republican Congressional Committee’s own data breach during the midterm cycle.

But there are obstacles ahead, including the divided Congress.

Senate Democrats like Sen. Ron Wyden (Ore.) have introduced legislation to guard election systems from cyberattacks, earning praise from election security advocates. But those measures are unlikely to move in the GOP-controlled Senate. Legislation that House Democrats move will also need to find support in a Senate that will have 53 Republicans.

Klobuchar has taken the lead on pushing bipartisan measures, and less comprehensive bills may stand a better chance of reaching Trump’s desk.

Last month, she introduced a bill with Sen. Dan Sullivan (R-Alaska) to create a global information-sharing program on best practices for election security. The measure is a companion to a similar bill passed in the House earlier this year and backed by Reps. Joaquin Castro (R-Texas) and Mark Meadows (R-N.C.).

Klobuchar said in a statement to The Hill that, in 2016, the U.S. and its allies “weren’t fully prepared to take on the threat of election hacking from foreign adversaries.”

“There are lessons to be learned from the last two elections—we can and should share that expertise and coordinate with our international allies,” she said.

Despite criticism, the administration has highlighted the issue at times.

Trump earlier this year signed an executive order requiring the director of national intelligence to investigate whether any foreign interference took place during U.S. elections, and then hand over the findings to the departments of Treasury and State to determine if any penalties, such as sanctions, are necessary.

Defense Secretary James Mattis said last month that Russia interfered in the November elections, the first confirmation from the administration of election meddling in the midterms.

The Justice Department also indicted a Russian national just days ahead of the midterms for taking part in an ongoing election interference effort. The woman was alleged to be part of Project Lakhta, a Russian influence operation, rather than a plot to attack U.S. election infrastructure.

Congress has taken some steps, to be sure. Lawmakers this year authorized $380 million in funding for states to secure their election systems.

But that funding largely did not arrive in time for the states to fully utilize it in the 2018 midterms. And election officials note that there is no consistent source of funding for election security, a provision they want remedied in an election security law.

Funding to help states will be a top priority in the coming year.

Jim Condos, the secretary of state for Vermont and the president of the National Association of Secretaries of State (NASS) told The Hill that states need to have funding on a regular basis to make sure voting equipment is up to date. He said there often simply isn’t enough money in state budgets to make election security a priority.

He hopes Congress moves quickly on election security because it often takes time for states to implement new technology and requirements.

“I think, as we gear up for 2020, I would hope that Congress would recognize the urgency,” Condos said. “They might think we don’t have to deal with this ‘til late 2019 or early 2020, but we need to deal with it now.”

NASS has not taken an official stance on election security legislation.

Last week’s revelations that four top staffers at the National Republican Congressional Committee, a GOP campaign arm, likely had their emails surveilled by hackers added urgency to ensuring that political campaigns and groups are guarded from cyberattacks.

But that will also be a new question for lawmakers to struggle with. It’s unclear who is responsible for political groups’ cybersecurity.

Campaign officials generally are ill-equipped to make cybersecurity a priority. And Homeland Security officials have said that it’s difficult for them to offer cybersecurity support for groups like the Democratic and Republican national committees because their work is inherently political.

Generally, more than two years after the 2016 election, Congress faces a lengthy to-do list.

The Election Assistance Commission (EAC), a federal agency tasked with helping state and local officials carry out elections, has suggested that it may take up the issue of how to protect political campaigns and groups.

But the agency is currently one short of the minimum three commissioners needed to enact major policy moves.

The Senate Rules Committee just last week advanced two nominees for the vacant  spots.

Committee Chairman Roy Blunt (R-Mo.) told reporters last week that he is encouraging Senate leadership to bring up the nominees for a vote before the end of this Congress, but also said he won’t bring up broader election security issues in the lame-duck.

Condos said a fully staffed Election Assistance Commission is essential to helping states administer their elections. He added that the agency could work with the Homeland Security Department on the issue.

But that depends on Congress acting.

“[The EAC] needs to be fully complemented, to be fully funded, to be fully staffed to deal with the issues that we have,” he said.