Congress Moves Closer to Enhancing Election Cybersecurity
Congress is taking significant steps towards increasing the cybersecurity measures surrounding U.S. election technology. The Enhancing Election Cybersecurity and Preserving Respect for Elections through Independent Testing (Secure Information Technology) Act is included in this year’s Intelligence Authorization Act, which funds intelligence agencies like the CIA. This Act mandates federal certification to conduct penetration testing of voting machines and ballot scanners, as well as the creation of pilot programs to investigate election systems for vulnerabilities by independent researchers.
Importance of Stricter Election Technology Security
The Secure IT Act, originally introduced by U.S. Sens. Mark Warner and Susan Collins, aims to significantly enhance the security of critical election technologies. Senate Intelligence Committee Chairman Warner highlighted that this legislation allows researchers to think like adversaries and uncover hidden vulnerabilities within systems using the same tools and methods employed by malicious actors.
Addressing Vulnerabilities in Election Systems
Despite advancements in election security, the threat to voting machines was magnified by Russian interference in the 2016 election. The new bill seeks to address these concerns by enhancing federal standards and implementing independent safety audits. The first provision would codify the penetration testing added to the U.S. Election Assistance Commission’s certification process, ensuring thorough testing of voting machines and ballot scanners.
Furthermore, the second provision of the bill would require the EAC to pilot a vulnerability disclosure program for election technology, including systems not subject to federal testing such as voter registration databases and election results websites. This initiative allows cyber experts to hunt for vulnerabilities and report any flaws they find, ultimately enhancing the security of American democracy.