Of nearly $400 million the federal government provided states last year for strengthening their election systems, more than a third of the funds are planned to be spent on cyber security, the chairman of a House spending panel said on Wednesday.

Another 25 percent of the $380 million appropriated in fiscal year 2018 is being used to buy new voting equipment, Rep. Mike Quigley (D-Ill.), chairman of the House Appropriations Subcommittee on Financial Services and General Government, said at the outset of hearing on the integrity of U.S. Election Systems. The subcommittee’s jurisdiction includes the Federal Election Commission and the Election Assistance Commission (EAC), which provides the grants to the states under the Help America Vote Act (HAVA).

Rep. Mike Quigley (D-Ill.), chairman of the House Appropriations Subcommittee on Financial Services and General Government

Quigley said the EAC is still determining how much of the grant funds the states spent in the nine months but said the $380 million should be seen as “just an initial down payment.”

“It represents only a fraction of the total need across the country to replace outdated voting equipment and implement cyber security and other protections at the state and local level to ensure our election system can withstand future attempts of foreign interference,” he said.

Eric Rosenbach, chief of staff to Defense Secretary Ash Carter during the last three years of the Obama administration, agreed with Quigley that the recent round of HAVA grants are an “extremely important first step, however the states need a dependable source of funding to support the cyber security and upkeep of paper-backed electronic voting systems.”

Rosenbach, who also served as assistant secretary of defense for Homeland Defense and Global Security and is currently the co-director of the Belfer Center at Harvard Univ., also said that states and localities can’t be left to fend for themselves when it comes to protecting their election system infrastructures given “they’re taking the punches from the Russian intelligence service.” He said that U.S. Cyber Command “needs to be more proactive as I believe they have been,” citing a Washington Post story this week that the command shut down Internet access during last year’s congressional mid-term elections of a Kremlin-backed company that spreads misinformation designed to shape public opinion.

Steven Sandvoss, executive director of the Illinois State Board of Elections, agreed with Rosenbach on the role of the federal government in defending election systems against attacks, adding that it’s not a fair fight between his state and Russia. Another witness at the hearing,  J. Alex Halderman, a computer science professor at the Univ. of Michigan, said the government’s role in elections is “providing for the common defense,” saying the nation is “at risk” as long as there are states that have weak election systems.

Halderman said the highest priority for improving election security is having every state move to paper-based balloting with optical readers and strong audit trails. He added that states also need to replace older equipment, much of which hasn’t been upgraded with security improvements made in the past 10 or 20 years.

Sandvoss said it would take about $175 million to replace all of Illinois’ election systems equipment. He also said the state is “moving in the right direction” with its cyber security requirements but that this is an area of need. Ongoing cyber training is part of that effort and will be followed by understanding cyber vulnerabilities.

“Once they come up with their assessments, my suspicion is that most of the jurisdictions in this state are going to need extensive improvements to their cyber posture and that’s going to cost money,” he said.