The Senate Intelligence Committee on Tuesday released a draft set of bipartisan recommendations for enhancing the security of U.S. election systems, saying that adversaries should know that attacking the country’s election infrastructure would be taken as a hostile act.
The committee last year began its investigation into Russian attempts to target U.S. election infrastructure during the 2016 elections.
“The committee has reviewed the steps state and local election officials take to ensure the integrity of our elections and agrees that U.S. election infrastructure is fundamentally resilient,” the committee said in a preface to its draft recommendations. “The Department of Homeland Security, the Election Assistance Commission, state and local governments, and other groups have already taken beneficial steps toward addressing the vulnerabilities exposed during the 2016 election cycle, including some of the measures below, but more needs to be done.”
The committee is making six initial recommendations, most of them with a number of additional suggestions. The panel says that each state should continue to run its own elections and that the federal government should provide all necessary resources and information.
The panel offers a set of four recommendations for the federal government, and state and local officials, for building a stronger defense, including one on deterrence, which can be strengthened by making sure adversaries are aware that attacks on election infrastructure will be considered hostile “and we will respond accordingly.” Another component to effective deterrence is the creation of international norms of cyber behavior with allies and partners, the panel says.
Another recommendation on strengthening election security defenses includes suggestions around sharing information about threats, and asks the intelligence community to work to quickly attribute cyber-attacks and for the Department of Homeland Security to expedite security clearances for appropriate state and local officials. The committee also wants the intelligence community to quickly declassify information and warn state and local officials.
A third recommendation around strong defenses relates directly to securing election-related systems, and includes a suggestion for two-factor authentication for anyone logging into voter databases and another suggestion that state and local authorities take advantage of DHS network monitoring capabilities.
The committee also says that DHS should develop a risk management framework to help state and local election officials and that the department should create a list of voluntary best practices for election security.
The fourth recommendation around strong defenses is based on ballot box security, with suggestions for replacing older and vulnerable voting systems, state-directed audits of election results, and DHS education for voting machine vendors about potential vulnerabilities of their systems and supply chains.
The final recommendation is for Congress to “urgently” approve legislation for more assistance to states as well as the establishment of a voluntary grant programs that can be used by states to hire personnel, improve their technology, and contract for cyber security services.
The committee will host an open hearing on Wednesday morning as part of its ongoing examination of threats to U.S. election infrastructure.