(Bloomberg) -- U.S. states operating outdated and insecure voting machines face major hurdles in protecting them in time for the 2020 presidential election, officials said at a meeting of elections experts.
Budgets are strained, decision-making authority is diffuse and standards put in place years ago haven’t kept up with today’s cyberthreats, according to testimony Thursday to the Election Assistance Commission in Silver Spring, Maryland.
The Senate Intelligence Committee reported last month that Russia engaged in “extensive” efforts to manipulate elections systems throughout the U.S. from 2014 through “at least 2017.” The Brennan Center for Justice reported Thursday that states will have to spend more than $2 billion to protect their election systems in the next five years, including replacing outdated machines or purchasing software to protect existing equipment against hackers.
Updating software is a “regular and important part” of cybersecurity, the Center for Democracy & Technology warned in a statement. But even when a software patch is available, states can’t compel “severely under-resourced” local elections officials to buy and implement the improvement, said Jared Dearing, executive director of the Kentucky State Board of Elections.
State and local governments need to spend $833 million in the next five years on specific cybersecurity improvements to election infrastructure, about 40% of the total, according to the Brennan Center report.
On top of those hurdles, Dearing said, the process of certifying elections equipment to federal standards leaves machines in “a time capsule of when that system was developed.”
The commission was created in 2002 to establish voting machine standards for manufacturers and vendors in the aftermath of the irregularities exposed during the 2000 presidential election. Many voting machines across the U.S. haven’t been updated since the first generation of rules were approved in 2005. The commission has been debating new standards and will review new security requirements on Sept. 5.
Even if the new regulations were to be approved next month, it will take voting machine manufacturers as long as five years to build and roll out new machines, Commissioner Benjamin Hovland said in an interview with Bloomberg News last month.
“My biggest ask of this organization is to hustle up with certification and standards,” Connecticut Secretary of State Denise Merrill said. “People are out buying things right now and they need help.”
Elections pose other unique obstacles as well.
“If an important (software) patch comes out three to four weeks before an election, it causes us to wait to implement because we can’t interfere in the election process that is already in motion,” said Kyle Ardoin, Louisiana’s secretary of state.
The Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security is offering election equipment vendors testing to detect vulnerabilities -- a program gaining “increased interest,” said Geoffrey Hale, the director of he elections division of CISA.
Merrill said local elections officials are hard-pressed to ensure the safety of their equipment.
“My biggest fear is vulnerability at the local level, and so that’s exactly what we’re working on,” said Merrill.