Bipartisan bill calls for more coordination between federal, state officials on election cybersecurity

A bipartisan group of senators introduced legislation on Thursday that aims to protect U.S. elections from foreign meddling through cyberattacks, citing reports from the intelligence community that Russia explored such interference in the 2016 election.

The bill, called the Secure Elections Act, would facilitate communication among the federal, state and local levels of government on cyberthreats to elections. Specifically, it would require the Department of Homeland Security to expedite security clearances for state election officials to review information on such threats.

The legislation also seeks to provide guidelines for how to secure election systems and would provide grants states to implement those guidelines and upgrade their election equipment. The bill would also create a “Hack the Election” program that would allow independent researchers to assess the security of election systems. The provision doesn’t specify whether it would have to be a bug bounty program like the U.S. military’s recent efforts.

James Lankford, R-Okla., introduced the bill, with co-sponsorships from Amy Klobuchar, D-Minn., Kamala Harris, D-Calif., Susan Collins, R-Maine, Martin Heinrich, D-N.M., and Lindsey Graham, R-S.C. The measure arrives less than a year away from the next congressional elections.

Speaking on MSNBC’s “Morning Joe” Thursday morning, Lankford and Klobuchar stressed that the federal government needs to act in response to reports from DHS that Russian hackers scanned election systems of 21 states looking for vulnerabilities leading up to the 2016 election. Some states confirmed this notification, while other some others challenged the DHS and said their systems were never scanned or compromised.

“We’ve got to bolster up the states and what they’re doing to make sure that they can audit their systems and find a good way to be able to cooperate together and or we’re going to run into the same thing all over again,” Klobuchar said on the program. “We can talk about this all we want, but if we have a major hack into an election … then it undermines the very democracy that’s the foundation of our country.”

Lankford said that states must update their equipment to make votes are backed up in a way that can be verified in the event of meddling.

“Is their equipment auditable? Can you actually run a ballot there and then be able to verify it? If there’s someone that hacks into that system, we lose all credibility in that system. They’ve got to be able to have a backup verification,” Lankford said.

He added that states should review the supply chain of the components making up their voting equipment, as interference could happen before a machine is even fully assembled.

“We’ve got to know the supply chain. Is the supply chain verifiable? Have the Russians tried to engage in trying to affect any of the software on those machines beforehand?” he asked. “The last thing that you to have is a close election and a loss of trust on what actually happened.”

An experiment run by DEFCON earlier this year showed that much of the election equipment currently in use by several states is easily hackable. DEFCON highlighted the machines’ supply chain as a potential vulnerability, as many electronic components of voting machines are manufactured abroad.

The group of senators backing the new bill sit on an assortment of senate committees, including the Intelligence, Judiciary, Homeland Security and Rules Administration Committees, the latter of which oversees federal elections.

Lawmakers have been increasingly making noise about election cybersecurity, citing fears that Russia will try to interfere again in the 2018 general election, now less than 11 months away.

Lankfort and Klobuchar penned a letter on Tuesday urging new DHS Secretary Kirstjen Nielsen to make election cybersecurity a priority for her tenure. Earlier this month, Sen. Ron Wyden, D-Ore., published a letter asking White House national security adviser H.R. McMaster to take specific steps to increase coordination between the federal government and states on election cybersecurity.

In October, Collins and Heinrich introduced legislation to facilitate the security clearance process for state officials. It’s not clear the pair will continue to push for that bill, given its similarity to the one introduced Thursday. Staff for Collins and Heinrich did not immediately respond to request for comment.