WASHINGTON – Staying ahead of cyberattacks on states' election security systems is a race without a finish line, Minnesota Secretary of State Steve Simon told federal lawmakers on Wednesday.
"We have to stay at least one step ahead of the bad guys all the time," Simon said before a Senate panel. "There is no tape to cross, and no end zone where we can spike the football."
With the 2018 midterm elections looming, U.S. Sen. Amy Klobuchar, D-Minn., helped lead a hearing of the Senate Committee on Rules and Administration on how state and local governments are addressing election security, with testimony from the Department of Homeland Security and several secretaries of state from around the country.
Klobuchar highlighted legislation she has sponsored, dubbed the Secure Elections Act, to improve information-sharing between local election officials, national security officers and cybersecurity experts. And it would mandate minimum standards — a "floor," she said — for state election equipment, improve auditing, and give more resources to election personnel.
The measure has bipartisan support, but it may not become law in time to affect voting this year. Klobuchar, the ranking Democrat on the rules committee, stressed it would still be needed even if lawmakers don't act until after the election.
This spring's federal budget bill already set aside $380 million for state grants covering election security, with $6.6 million for Minnesota to hire people, buy equipment and upgrade technology. But that money can't be spent without approval from the Legislature, which tucked that provision into a much larger spending and policy bill that Gov. Mark Dayton vetoed for reasons not related to the election money.
"Hack us once, shame on them," said Klobuchar. "Hack us twice, shame on us if we don't do anything about it."
Some state officials are still cautious about federal overreach, even as Homeland Security has sought to work more collaboratively with them. "Election security is a national security issue," Matt Masterson, a senior cybersecurity adviser at Homeland Security, told the Senate panel.
Simon, a DFLer, noted that Russian hackers attempted to breach 21 states' election systems in 2016 — including Minnesota's, though that effort was unsuccessful. Since then, the state has worked with Homeland Security to address potential vulnerabilities. The risk of an attack affecting the outcome of an election is low, according to Simon, noting that the state uses paper ballots that are placed in an optical-scan machine; local offices report results by telephone and upload the data to an encrypted system. Officials conduct postelection audits and reviews.
But he asked lawmakers for ongoing federal resources to pay for hardware, software and expertise, adding that the stakes are particularly high given that Minnesota has the highest voter turnout in the nation.
"I believe that the number one threat to the integrity of our elections nationwide is the possibility of some outside infiltration or breach or attack by someone acting to influence our elections or to mess with the instruments of our elections," Simon told reporters after the hearing. Simon said he doesn't care whether it's Russia, another government, a private actor or the guy next door.
But Missouri Secretary of State Jay Ashcroft, a Republican, disagreed that's the top threat. He said suggestions that foreign hacking changed the outcome of elections discourages voting, "and that is reprehensible," he said.