Senate intel committee creates 6-step plan for election security

A day before the intelligence committee's open hearing on improving election security, the lawmakers released their recommendations.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
4 min read
Polling Machines Are Prepared For Tuesday's Presidential Election

Voting machines in 40 states were outdated, the Senate Intelligence Committee said.

Drew Angerer / Getty Images

The Senate intelligence committee on Tuesday released its recommendations for stopping hackers from tampering with  elections.

The recommendations include six key steps that state and local election officials can follow to protect their voting machines and databases. They come as lawmakers are increasingly worried about the US election infrastructure, given attempted cyberattacks over the last several years.

"It is clear the Russian government was looking for vulnerabilities in our election system, and highlighted some of the key gaps," Sen. Richard Burr, a North Carolina Republican and the committee chairman, said at a press conference Tuesday. "Russia was trying to undermine the confidence of our election system."

Senators are hosting an open hearing on Wednesday to discuss the issue further, with representatives from the Department of Homeland Security and the Election Assistance Commission expected to testify.

Watch this: Hackers target 30 voting machines at Defcon

Election security has been an on again, off again concern over the last decade as states, counties and cities adopted electronic voting machines, but attention was greatly heightened after the DHS announced in September 2017 that Russian hackers had made numerous attempts to break into the nation's electoral systems. 

Russian meddling was prevalent throughout the 2016 presidential election, through propaganda campaigns on social media and phishing attacks on the Democratic National Committee. Attempted attacks on voting machines and election infrastructure would strike a different nerve because they would mean hackers could alter votes directly.  The DHS noted that vote counts were not affected in the attempted attacks on 21 states. 

"We were all disappointed that states, the federal government and the DHS were not more on their game in advance of the 2016 presidential election," said Sen. Mark Warner, a Democrat from Virginia who serves as the committee's vice chair.

Here's how the six recommendations break down: 

Reinforce states' primacy in running elections
The individual states need to be in charge when it comes to running elections. The federal government should make sure that all states are getting the resources they need for security, according to the document.

"The federal government should partner with the state to truly secure its systems," Burr said.

Senators said the federal government needs to do more to support state election officials, including with funding and security resources.

Create effective deterrence
The US government needs to properly respond to any attempted attack on US election systems and work with the US' allies to establish "new international cyber norms." The committee pointed to attempted cyberattacks on elections in France and Germany as examples of how the international community needs to work together.

The recommendation calls for US officials to recognize attempted attacks on election infrastructure as a "hostile act" and respond accordingly. The senators said the attempted attacks on 21 states during 2016 were a hostile act.

Improve information sharing
The intelligence community needs to put a high priority on attributing responsibility for cyberattacks. The DHS needs to make sure federal, state and local  governments can share information on attacks with each other efficiently, and build a proper response. 

Secure election-related systems
Election officials should take basic security steps like two-factor authentication for logging into voter databases. States should also work with the DHS to create guidelines on best cybersecurity practices. That means making sure election officials are trained to not click on suspicious emails and have risk management plans if they are hit with malware.

Secure the vote itself
States need to quickly replace their outdated voting systems. All electronic machines should have a paper trail, and should not be connected to Wi-Fi. 

"There were still 40 states that were operating with election equipment that was more than a decade old," Warner said. "Much of that equipment had outdated software that you weren't even able to upgrade even if you chose to." 

But certain old-fashioned systems could be an improvement over outdated ones.

"Look at where we are, in the year of our lord 2018, we're talking about paper ballots. But that actually might be one of the smartest systems," said Sen. Kamala Harris, a Democrat from California. "Russia cannot hack a piece of paper like they can a computer connected to the internet."

Assistance for the states
The federal government needs to provide funding for states to upgrade their systems and improve their cybersecurity practices. Election officials should hire information technology staff and buy new voting machines.

"We realize all of this security costs money. We want to make sure the federal government not only says we're a partner, but we are a partner," Burr said. 

Originally published March 20 at 9:42 a.m. PT.
Updated at 10:06 a.m. PT: To include details from the press conference.

Security:  Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at night.

Blockchain Decoded:  CNET looks at the tech powering bitcoin -- and soon, too, a myriad of services that will change your life.