Voters prepare to cast their ballot in the Democratic primary in Philadelphia, Pennsylvania, June 2, 2020, photo by Rachel Wisniewski/Reuters

commentary

(The Baltimore Sun)

Keep Voters Healthy. Keep Elections Secure. Can the U.S. Do Both?

Voters prepare to cast their ballot in the Democratic primary in Philadelphia, Pennsylvania, June 2, 2020

Photo by Rachel Wisniewski/Reuters

by Quentin E. Hodgson and Jennifer Kavanagh

June 22, 2020

State and local elections officials—nervously eyeing the fall for a potential second wave of COVID-19—are scrambling. With only five months before the presidential election, they are scouting larger polling places to enable social distancing and planning to mail and scan more absentee and mail-in ballots than ever.

But in addition to keeping poll workers and voters safe from viral transmission, there is a second major risk: how to keep the election itself secure from cyber threats.

During the recent months of the pandemic, U.S. adversaries have stepped up both cyberattacks and disinformation campaigns. The United States should expect them to also take advantage of the logistical challenges of voting in a COVID-19 world to redouble their efforts against elections.

Cyber threats to U.S. elections came into sharp relief in 2016, when Russia conducted operations (PDF) to influence the electorate and infiltrate voting systems. In January 2017, the Department of Homeland Security declared elections to be “critical infrastructure” and embarked on an extensive cybersecurity support effort. It established, for example, the Elections Infrastructure Information Sharing and Analysis Center which provides elections officials with cybersecurity alerts, vulnerability assessments and response aid when experiencing a cyberattack.

Congress pitched in too, appropriating $380 million under the Help America Vote Act (HAVA) in 2018—about 40 percent of which states planned to spend on cybersecurity. This year Congress appropriated an additional $425 million to states.

But now the pandemic has devastated state budgets. HAVA fund administrators at the federal Elections Assistance Commission felt compelled to issue guidance saying states can use these funds for health-related safety needs.

This was necessary and prudent; mitigating the health risks and reassuring anxious voters is paramount to ensuring a smooth running of the election in the fall. States are furiously rolling out new processes, scouting polling places that can accommodate social distancing and preparing for unprecedented volumes of absentee and mail-in ballots. Each of these moves is costly, however, and states must pursue all of them simultaneously. A recent Brennan Center report (PDF) argues that states will need significantly more funding to prepare for the November election, noting for example that the federal grant would only cover roughly 10 percent of the estimated $110 to $124 million Georgia alone would need to spend between now and Election Day.

Meantime, the cyber threats to voting systems have not diminished; indeed they may be elevated as adversaries see an opportunity in the crisis. Even as they rush to buy high-speed optical ballot scanners and distribute vote-by-mail request forms, election officials must continue to safeguard their (old and new) IT infrastructure. Voter registration databases, electronic pollbooks used to check in voters, websites publishing vital information about changes to voting processes—all these need to be kept secure. States are likely to need yet more federal funding, particularly given that most states will have to balance their budgets even as tax revenues crater this year.

Other options are available to states—and all of them may be needed. The federal government, for instance, could offer assistance via Homeland Security's cybersecurity agency, which could corral resources and manpower from the Department of Defense (including the National Guard), FBI and the intelligence community.

Private companies—including Microsoft, Akamai, and Cloudflare—provided free cybersecurity services to elections officials in the run-up to the 2018 midterm elections. They could renew that offer of help. Other private companies could add their support and provide software, hardware or other equipment needed to support safe polling places, efficient and secure remote voting options, and the public education campaigns needed to tell citizens about their voting options.

And finally, all citizens should figure out early on their voting options and make a plan for how they are going to vote. The integrity of our elections is central to the health of our democracy, no less so now that we also have to worry about the health of voters.


Quentin E. Hodgson is a senior researcher and Jennifer Kavanagh is a senior political scientist at the nonprofit, nonpartisan RAND Corporation.

This commentary originally appeared on The Baltimore Sun on June 22, 2020. Commentary gives RAND researchers a platform to convey insights based on their professional expertise and often on their peer-reviewed research and analysis.