Amid ongoing investigations into Russia’s unprecedented cyberattacks around the 2016 election, this report outlines specific actions Congress and local election officials can quickly take to insulate voting technology from continued foreign interference. The authors focus on assessing and securing two of the most vulnerable points in the system: voting machines, which could be hacked to cast doubt on or change vote totals; and voter registration databases, which could be manipulated in an attempt to block voters, cause disruption, and undermine confidence when citizens vote.
Amb. R. James Woolsey, Director of Central Intelligence 1993–95, wrote the foreword for the report. He has been a key voice elevating the seriousness of the issue, and framing foreign interference as a pressing national security threat.
By Amb. R. James Woolsey, Director of Central Intelligence 1993–95
In the last few months, we have learned extraordinary details about a Russian assault on our election infrastructure. While there is no evidence that this assault altered the vote count, that fact should be cold comfort as we look to protect ourselves against future attacks.
One doesn’t have to be an expert on cybersecurity or election technology to understand how dangerous this is. Based on my experience, as a former Director of Central Intelligence, and in service to this country under both Democratic and Republican Presidents, I am confident the Russians will be back, and that they will take what they have learned last year to attempt to inflict even more damage in future elections. In particular, their history of interfering in other nations’ politics, their antipathy to the United States and Western democracies generally, and their proven ability to multiply the impact of their actions through cyberattacks should put us on the highest alert, and spur us to take all necessary actions to protect ourselves from further attack.
Of course, Moscow is not the only adversary that we have to worry about. North Korea has been implicated in the ransomware attack that locked up the computers of government agencies and businesses worldwide this May, while Al Qaeda and ISIS have a history of executing cyberattacks on foreign government websites. They too might be emboldened by Russia’s actions against us last year.
This report offers important guidance on how to protect ourselves. In particular, it looks at the two most critical parts of America’s election infrastructure: voting machines, which could be hacked to cast doubt on the integrity of vote tallies, or change them; and voter registration databases, which could be manipulated to block voters and cause disorder when citizens attempt to vote.
As the authors explain, much has been done to secure these systems in the last few years. But hackers have grown increasingly sophisticated in this time as well. And the state and local elections officials who are custodians of our election infrastructure often operate with highly constrained resources.
What more must be done? The key security measures detailed in this report are the right place to start: replace paperless electronic machines, upgrade the hardware and software that supports voter registration, and conduct post-election audits to confirm the results.
These are common-sense solutions that will increase security and public confidence in the integrity of our system. Importantly, they will do so without interfering with the right of any eligible citizen to participate in the choice of who will govern the nation.
Sadly, as polarization has increased in this country, even discussions of topics like how to safeguard our voting systems have broken down into partisan fighting, with each side looking for an advantage in the debate, and failing to take the steps necessary to secure our infrastructure from attack. We can no longer afford such indulgence. As has happened at key moments in our history, we face a test from outsiders who would like to harm us. We are forced to answer whether we can, once again, lay aside our differences to work together to protect the common interests of our nation.
The history of national defense shows that threats are constantly evolving. When the United States was attacked at Pearl Harbor, we took action to protect our fleet. When we were attacked on 9/11, we took action to upgrade transportation security and protect our ports and other vulnerable targets. We were attacked in 2016. The target was not ships or airplanes or buildings, but the machinery of our democracy. We will be attacked again. We must act again — or leave our democracy at risk.