The Trump administration has told states exactly how much of a $380 million fund they will get to make their voting systems more cyber-secure ahead of the 2018 midterm elections.
The funding, made available through a $1.3 trillion omnibus package passed last week, is one of Congress’s first major steps to prevent a repeat of Russian hackers’ meddling in U.S. elections. The money can be used to upgrade state computer systems and offer cybersecurity training to election officials, among other things.
California, Florida, New York and Texas together will get a quarter of the cash, with California leading the pack with about $35 million. A full breakdown of the funding can be found here.
The money is a “breakthrough for election security and the health of our country’s democracy,” said Lawrence Norden of the Brennan Center for Justice at NYU Law.
Lawmakers hailed their slice of the pie. “This federal funding will help ensure state and local election officials have the information and resources they need to protect our elections from foreign influence,” said Sen. Tammy Baldwin, D-Wis., welcoming the $7 million her state will receive.
However, Baldwin and other legislators and analysts say the funding is necessary but insufficient to protect voting infrastructure.
In a statement to CyberScoop, Rep. Jim Langevin, D-R.I., co-founder of the Congressional Cybersecurity Caucus, welcomed the $3 million his state is set to receive, but emphasized that the money is “just a down payment and that we will need to continue to make investments in securing all aspects of our voting process.”
Marian Schneider, president of Verified Voting, a nonprofit that advocates for voting accuracy and transparency, said the money is “a good first step” but not enough to replace paperless voting machines that could fall prey to digital manipulation.
Thirteen states use such paperless systems.
“Even if all of the funds were used to replace equipment, these funds would only be a fraction of the amount required in New Jersey, Louisiana, Pennsylvania, Indiana, Georgia, South Carolina, and Mississippi,” Schneider said.
The U.S. intelligence community concluded that Russian hackers meddled in the 2016 presidential election, and U.S. officials believe Russia is continuing its information-influence operations ahead of crucial midterm elections this fall.
Lawmakers have voiced growing concerns about the cyber-vulnerabilities of voting systems. Forty states have been operating decade-old election equipment, much of which has “outdated software you weren’t able to upgrade even if you chose to,” Sen. Mark Warner, D-Va., said recently.
States become eligible for the funding after submitting a budget and description of how they will use the money to the Election Assistance Commission, the federal organization administering the money. States must match 5 percent of their allocated funding within two years.
“The EAC is committed to making these funds available as soon as feasibly possible, and we fully expect this money will be deployed in meaningful ways to support the 2018 elections,” EAC Chairman Thomas Hicks said in a statement.
Department of Homeland Security Spokesman Tyler Houlton said the department is ready to support states in their efforts to bolster voting-system security, whether through classified cyber-threat briefings or scans of local computer systems.
The ball is nonetheless firmly in the states’ court to chart their own course in protecting their voting systems. John Conklin, director of public information for the New York State Board of Elections, told CyberScoop that the board is looking for a $5 million increase in its budget for the fiscal year beginning April 1. Some of that money would be used to hire more cybersecurity staff and “implement a number of security measures,” Conklin said.
In the meantime, he added, New York officials have carried out a range of cybersecurity practices, including participating in incident-response exercises with federal, state, and county partners.