The Senate Intelligence Committee on Tuesday released a summary of its election security report, the first report the panel has issued in its yearlong investigation into Russian interference in the 2016 election.
The committee affirmed that U.S. election infrastructure is “fundamentally resilient,” but nevertheless put forth a slate of six recommendations, the bulk of which are tailored to the principle of state-level responsibility for running elections.
“States should remain firmly in the lead on running elections, and the federal government should ensure they receive the necessary resources and information,” reads the first recommendation — an apparent nod to state-level pushback to a 2016 decision by former Department of Homeland Security (DHS) Secretary Jeh Johnson to designate election systems “critical infrastructure.” {mosads}
Among the more concrete proposals in the summary is a call for Congress to “urgently” pass legislation that would increase federal assistance for states and provide a voluntary grant program to help states boost cybersecurity and conduct audits of their systems.
The panel, led by Sens. Richard Burr (R-N.C.) and Mark Warner (D-Va.), does urge the federal government to establish more effective deterrence for future vote-based attacks, calling for it to “clearly communicate to adversaries that an attack on our election infrastructure is a hostile act, and we will respond accordingly.”
It also calls for a perennial wish of cyber-minded legislators: the establishment of international cyber norms. Foreign policy and cybersecurity experts — including lawmakers — have long expressed frustration that there is no clear definition of what constitutes an act of war in cyberspace.
Lawmakers have been grappling with how to boost the cybersecurity of election infrastructure ever since officials at the Department of Homeland Security (DHS) disclosed that Moscow tried to hack into voting infrastructure in 21 states as part of a broader effort to interfere in the 2016 election.
While officials say most of the efforts involved preparations for hacking and did not result in successful breaches, the revelation has triggered concern about the vulnerability of U.S. voter registration databases and other digital systems involved in elections. Illinois has confirmed that hackers breached the state voter registration database.
Sen. James Lankford (R-Okla.) — a member of the Senate Intelligence Committee — and a bipartisan group of senators have introduced a bill called the “Secure Elections Act” that would, among other things, authorize block grants to help states upgrade outdated voting technology and expedite the process by which state election officials receive security clearances to view sensitive threat information.
Despite lawmakers’ concerns, Congress has yet to pass legislation specifically addressing the cybersecurity of voting infrastructure, partly because some state officials have resisted the efforts, fearing an overreach by the federal government.
Meanwhile, Homeland Security has been providing election security assistance to states as part of the new designation of election systems as critical infrastructure, a decision made in the waning days of the Obama administration following Russian interference.
Officials have been providing cyber hygiene scans and rigorous risk and vulnerability assessments to states that request them, as well as briefing election officials on any threat activity.
The election security report is the first public documentation of the Senate intel panel’s inquiry into Russian interference in the election, a mainly closed-door investigation that has stood in stark contrast to its more raucous counterpart in the House.
Both panels probed both the issue of the Russian active measures campaign and the question of whether or not the Trump campaign colluded with Moscow to swing the election.
The Senate summary released on Tuesday does not address the issue of alleged coordination or collusion and focuses solely on recommendations to shore up election infrastructure.