Defending Elections: Federal Funding Needs for State Election Security

State and local election officials are on the front lines of a cyberwar with sophisticated nation-state rivals and other malevolent actors. As Robert Brehm, co–executive director of the New York State Board of Elections, recently put it, “It is not reasonable” to expect each of these state and local election offices to independently “defend against hostile nation-state actors.” ¹ State and local election systems have already been breached. In 2016 Russian hackers penetrated computer networks in two counties in the swing state of Florida, using information they had gleaned from a software vendor. ² That same software vendor may have opened a gap for hackers to alter the voter rolls in North Carolina, another swing state, on the eve of the election. ³ Episodes like these undermine faith in our democratic system, and steps must be taken to prevent them from occurring again.

Critically, in 2018 Congress provided $380 million in Help America Vote Act (HAVA) grant funds to help states bolster their election security. Grant recipient states had to submit a grant narrative—a list of specific election security projects (and estimated costs) that the state planned to fund with grant money—and provide a 5 percent state match within two years. Based on information that the states submitted to the Elections Assistance Commission (EAC) as part of the grant process, recipients are using the vast majority of this money to strengthen election cybersecurity, purchase new voting equipment, and improve postelection audits — all pressing needs around which there is broad bipartisan consensus. ⁴ The EAC has estimated that 85 percent of the money Congress has provided will be spent ahead of the 2020 election. ⁵

Unfortunately, given the myriad security challenges faced by these states, the $380 million is not enough to address the needs of state and local offices; many have substantial election security needs that likely will not be met absent additional federal support.

This paper examines six key states (Alabama, Arizona, Illinois, Louisiana, Oklahoma, and Pennsylvania) that represent different regions of the country, varied population sizes, and the full range of election security needs. It investigates how they have allocated their share of the 2018 federal election security grants and documents their needs for additional election security funding. States’ use of HAVA funds is tailored to their specific requirements and reflects the nature of the state and local governments that oversee elections. Likewise, their unfunded election security needs vary according to state-specific circumstances. While the authors have limited their review to a sampling of six states, it is clear that the other 44 states and the District of Columbia have similar unfunded needs. ⁶

In the wake of unsuccessful cyberattacks against the state voter registration database in 2016, Alabama Secretary of State John Merrill stated, “While it is encouraging that our efforts to protect Alabamians’ data have proven to be successful, we must remain vigilant and prepared for the constantly evolving threats to our voting systems and the integrity of those processes. We will utilize every resource available to ensure we are protecting the data of all Alabamians.”¹

As part of these ongoing efforts, Secretary Merrill has welcomed public and private election security partners, such as the U.S. Department of Homeland Security (DHS), into Alabama, taking advantage of a wide range of free resources available to further improve Alabama’s election security risk posture.² These partnerships are critical to many states that are, in Merrill’s words, “not rich when it comes to resources that are available for discretionary purposes or specifically [election security].” ³

While these partners can help identify vulnerabilities, best practices, and important support functions, they do not fund the personnel, training, and security measures necessary to secure vulnerabilities in Alabama’s election system. For these reasons, Secretary Merrill supports federal block grants for funding specific election security projects in the states and believes such grants “would be very helpful” to Alabamians. ⁴

Allocation of 2018 Federal Election Security Funds

Federal grant: $6,160,383

State match: $308,020

Total: $6,468,413

Alabama has designated the entirety of its federal election security grant and state matching funds toward the following four projects: ⁵

• Voter registration database upgrades and maintenance. With “more voters registered and more ballots being cast than ever before,” ⁶ the state is devoting $3 million to improve the voter registration database and its security features through upgrades, such as two-factor authentication (2FA), to ensure that voter data is secure and reliable.
• Computer equipment replacement and upgrades. The state is providing new computers and related equipment to each of the five primary election officials in all 67 counties at an estimated cost of $300,000. Alabama officials expect to complete this project by September 30, 2019. ⁷ One of the many cybersecurity challenges faced in Alabama and several other states is related to the security practices of the users of a shared system, such as a statewide voter registration database. By providing computer equipment directly to local officials, the state can ensure that users across the state are implementing basic cybersecurity measures, including antivirus software installation.
• Postelection audits. The state designated $800,000 for postelection audits. This process is an essential election security bookend to the critical election measure already in place, paper ballots. While many of the audit-related costs will be incurred at the local level, the state plans to assume or reimburse all costs associated with implementing robust postelection audits, as local election officials simply don’t have the funds to underwrite this project. ⁸ The state is currently working with election security experts to determine the best options for Alabama, and the first pilots are expected to be scheduled in calendar year 2019. ⁹
• Addressing cyber vulnerabilities. The state designated $2.3 million for various cybersecurity enhancements, improvements, and fixes. Working with a variety of partners, the state plans to “investigate, implement, and identify new technologies” to help reduce or eliminate cyber vulnerabilities. As an example, the state previously fixed an official state elections website vulnerability that had been publicly identified by a private cybersecurity firm. ¹⁰

Additional Unfunded Security Needs

Alabama election officials identified two unfunded election security projects: legacy voting equipment replacement and development of a “cyber navigator program.” ¹¹, ¹² 

Legacy voting equipment replacement. Alabama election officials in every county except Montgomery use legacy voting systems that are more than a decade old, including AutoMARK voting systems, used in 66 counties, and M100s (precinct count optical scanners), used in seven counties. ¹³

These aging voting systems are a security risk and less reliable than voting equipment available today. Older systems are generally “more likely to fail and are increasingly difficult to maintain.” ¹⁴ Specifically, as neither the AutoMARK nor the M100 is currently manufactured, finding replacement parts will be increasingly difficult over time. ¹⁵ This problem exacerbates the system-specific security concerns that have been reported to the EAC or by Verified Voting, such as inconsistent vote tallying and reboot times of 15 to 20 minutes. ¹⁶ Moreover, these systems simply lack important security features expected of voting machines today, such as hardware access deterrents for ports. ¹⁷

State and local election officials would consider using additional election security funding to replace these legacy systems. ¹⁸ Bullock County Court of Probate Judge James Tatum, the local chief election official, explained, “Our [AutoMARKs] are old and becoming very difficult to maintain . . . I would like to have the most secure equipment, cyber training, and election security [tools], but we simply can’t afford it.”

Judge Tatum further explained that although “Secretary Merrill is a champion of rural counties,” they often must do without the tools and resources available in wealthy counties. “While Huntsville and Birmingham can afford these [replacement] costs, when you’re talking about rural counties, we simply can’t afford these costs no matter how much they would improve our election security. For example, we would be responsible for paying for training. Of course, we have to compensate our poll workers for their time when they come to training. We can’t afford it. Rural counties are all in need of some additional resources.”

Development of a “cyber navigator program.” Election officials would like a state program that provides election security and cybersecurity professional services to local election officials. ¹⁹

Illinois recently developed such a system, where cyber navigators with responsibility for geographic zones will work across the state with local election officials to train relevant personnel and lead risk assessments and evaluations, among other things. They will fill a role akin in many ways to that of a chief information security officer for counties. Their assessment and evaluation efforts will help officials identify vulnerabilities and determine where additional resources may be needed to shore up cyber defenses. The program’s other principal components are infrastructure improvement and information sharing. ²⁰

Without a state resource for cyber assistance, local election officials, such as those in Bullock County who do not have dedicated IT staff, may be at greater risk of a successful cyberattack. Local election officials consider the state a trusted partner and know personnel are available to address all voting equipment technical questions. ²¹ However, without a cyber navigator–type of program, local election officials may not have sufficient resources to appropriately respond to identified cyber threats to local systems or equipment, such as those risks shared by the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC).

After obtaining stolen log-in credentials of a local election official, cybercriminals attempted to gain access to Arizona’s voter registration database in 2016. ¹ Subsequently, state election officials initiated the procurement process for a new, more secure database. They also established private and public partnerships to help identify system vulnerabilities and appropriate steps to mitigate them.

For several reasons, including the decentralized nature of Arizona’s election administration system, state election officials believe that supporting local election officials’ election and cybersecurity improvement projects is a critical component of their efforts to improve election security across the state. ² While the 2018 grant provides necessary funding for foundational election security projects, some of which will directly benefit local officials, it is simply not enough to also pay for projects that would provide or subsidize cyber services and more secure voting equipment to local election officials. ³

Allocation of 2018 Federal Election Security Funds

Federal grant: $7,463,675

State match: $373,184

Total: $7,836,859

Arizona has designated the entirety of its federal election security grant and state matching funds toward the following projects: ⁴

• Voter registration database replacement. The former Arizona secretary of state, Michele Reagan, explained the importance of this project, stating, “When our online database was created, cybersecurity was an afterthought. Now, faced with international threats, we must have a system that implements strong protections and the highest level of security capabilities to protect voter data.” ⁵ While the total cost of replacing the aging database is estimated at $7 million to $10 million, the state has devoted approximately $2.8 million to the project. ⁶
• Cybersecurity. The state designated the remaining grant funds, approximately $5 million, to various cybersecurity projects, including:
  • Security assessment. The state partnered with a private vendor to conduct an assessment of the “current IT infrastructure, focusing on critical election systems.” The state expected this assessment to “provide a framework for future spending.” The vendor’s public report was released in late 2018.
  • Information sharing. The state is partnering with local election officials to create stable communication channels and build a culture of support between the state and local election officials through routine meetings with interactive cybersecurity discussion topics and curated agendas.
  • Cybersecurity subgrants to local election officials. Working in conjunction with local election officials, the state plans to distribute a portion of its federal grant directly to counties to fund mutually agreed-on cyber projects.

Additional Unfunded Security Needs

Election officials in Arizona noted they do not currently have funds they need to expand cybersecurity assistance to local election officials or replace legacy voting systems. ⁷

Greater cybersecurity assistance to local election officials. Assisting local election officials with the cybersecurity challenges they face is an important priority for Secretary of State Katie Hobbs. ⁸ The secretary of state’s chief information officer, Bill Maaske, stated that if Congress provides additional election security funding for the states, then he would support using those funds to implement a state cyber navigator program, which, as described below, would coordinate cybersecurity resources, information, and trainings for and with local election officials. ⁹

Such a state program could provide essential services to local election officials, some of whom lack dedicated IT staff and may be at a greater risk of successful cyberattack. Without a cyber navigator–type of program, these local election officials may not have sufficient resources to appropriately respond to identified cyber threats to local systems or equipment, such as those shared by EI-ISAC.

Legacy voting system replacement. Arizona’s legacy voting systems represent a security and availability risk for three main reasons. First, “older systems are more likely to fail and are increasingly difficult to maintain.” ¹⁰ Aging voting systems often use outdated hardware, and many of them, including the AccuVote TSX and AVC Edge systems used in multiple Arizona counties, are no longer manufactured. ¹¹, ¹², ¹³   This can make finding replacement parts difficult, if not impossible. Second, aging systems also frequently rely on outdated software, like Windows XP and 2000, which may not receive regular security patches and are therefore more vulnerable to the latest methods of cyberattack. Third, “older systems are less likely to have the kind of security features we expect of voting machines today.” ¹⁴

State election officials estimate the cost to replace the legacy voting equipment in use across the state, including the direct recording electronic (DRE) machines, to be $40 million. ¹⁵ While relatively wealthy and urban counties, like Maricopa County, may be able to fund the purchase of new voting equipment without financial support from the state, Arizona’s more rural counties will likely struggle to find sufficient local resources. ¹⁶, ¹⁷  Considering this, if Congress allocates additional state election security funding, then state election officials can prioritize assisting counties with new voting system procurement costs. ¹⁸

Illinois

Former special counsel Robert Mueller’s report on Russian election interference included a troubling finding about Illinois: Russian operatives “compromised the computer network of the Illinois State Board of Elections . . . [,] then gained access to a database containing information on millions of registered Illinois voters, and extracted data related to thousands of U.S. voters before the malicious activity was identified.” ¹ Although there is no single panacea to address such threats, the state is devoting a substantial portion of its federal election security funds to a cyber navigator program, which should help identify and address cybersecurity vulnerabilities like those the Russians exploited in 2016.

Allocation of 2018 Federal Election Security Funds

Federal grant: $13,232,290

State match: $661,615

Total: $13,893,905

Illinois is using all of its federal election security funds to improve its cybersecurity. The hallmark of that effort is the state’s cyber navigator program; the state plans to devote at least half of its federal grant toward this program.

Cyber navigators with responsibility for geographic zones across the state will work with local election officials to train relevant personnel and to lead risk assessments and evaluations, among other things. They will fill a role akin in many ways to that of a chief information security officer for counties. Their assessment and evaluation efforts will help officials identify vulnerabilities and determine where additional resources may be needed to shore up cyber defenses. The program’s other principal components are infrastructure improvement, through the Illinois Century Network Expansion, and information sharing, through the Cybersecurity Information Sharing Program. ²

Additional Unfunded Security Needs

Election officials noted two unfunded election security projects: adoption of countermeasures for security vulnerabilities identified through risk and vulnerability assessments, and legacy voting system replacement. ³

The cyber navigator program will help Illinois officials identify potential vulnerabilities in election systems and concrete actions to correct those weaknesses. However, as Noah Praetz, the former elections director of Cook County, explained, counties will likely need additional funds to correct any issues that arise during assessments: “The cyber navigators will be a great resource for counties and will go a long way toward helping officials across Illinois improve their cybersecurity. But we’ll likely need continued funding support to address any vulnerabilities that the Navigators identify and to carry the cyber navigator program forward after its first few years.” ⁴

More immediately, Matt Dietrich of the State Board of Elections explained that Illinois needs significant additional funding to undertake a statewide replacement of its aging voting systems. He estimated the likely cost to be $175 million. “Many of our local jurisdictions used the [original] HAVA grants to modernize their outdated voting systems. But those systems are now 15 years old and in need of replacement.” ⁵ As explained above, such aging systems were not designed to withstand today’s threats and can be more prone to equipment and software issues that could affect performance during voting.

As one of only three states that continue to use paperless voting machines statewide, Louisiana lacks one of the most critical election security measure available today: voter-verifiable paper backups of every vote. Despite warnings by Department of Homeland Security (DHS) officials, cybersecurity experts, and the former Louisiana secretary of state, these paperless machines will likely be used in the upcoming 2019 general election for governor, attorney general, four other statewide elected positions, and all 144 members of the Louisiana Legislature.¹, ² 

The ongoing effort by state election officials to replace the paperless voting machines in order to make election results verifiable has faced many setbacks, including bid protests, administration changes, and state budget woes. ³ Most recently, the process to purchase new, paper-based voting machines failed in October 2018 after a bid protest was filed. With this process stalled, state election officials plan to spend $2 million to rent reliable voting equipment for early voting for the 2019 election. ⁴ Although Secretary of State Kyle Ardoin wants to get new voting machines “as soon as possible to continue to keep Louisiana at the forefront of election integrity and security,” the timeline for replacing the voting machines is somewhat unclear. ⁵

Allocation of 2018 Federal Election Security Funds

Federal grant: $5,889,487

State match: $294,474

Total: $6,183,961

Given the pressing need to replace the state’s paperless voting machines, Louisiana officials have allocated the entirety of the state’s federal election security grant toward the purchase of new voting systems. However, those funds are insufficient to cover the cost of replacing paperless machines statewide. The original contract awarded for new voting equipment, since rescinded, was $95 million. ⁶ Although state officials believe that the ultimate contract price for new voting machines will be lower, federal grant funds may cover less than 10 percent of total costs associated with obtaining and deploying a new, paper-based voting machine fleet across the state. ⁷, ⁸ 

Additional Unfunded Security Needs 

Louisiana has set aside all of its federal money to pay for much-needed new voting machines with paper backups. Even with this funding, it still faces a multimillion dollar gap to replace its voting machines. In addition, it has other security needs that have gone unaddressed, including:

• Post-election audits. If paper-based voting systems are deployed across the state, then the essential election security bookend to the use of paper ballots – robust postelection audits to ensure that the ballots were counted as cast – can be implemented.
• Addressing identified cyber vulnerabilities. Cyber vulnerabilities are identified on an ongoing basis by the secretary of state’s information technology department. ⁹ They also may be identified periodically through independent Risk and Vulnerability Assessments available from DHS. Resources may be required to address cyber vulnerabilities discovered during these processes.

Although Oklahoma deployed a new statewide fleet of voting equipment in 2012, the state still faces many difficult election security decisions. Recent financial constraints have severely limited officials’ discretionary spending as Oklahoma slowly recovers from one of the most debilitating financial crises in the state’s history. Eight months into the past fiscal year, Oklahoma was forced to reduce state agency budgets, resulting in a $50,000 cut in funding to the Oklahoma State Board of Elections. ¹ The year ended in June 2019 with a $167 million projected shortfall, and this was considered an improvement. One state official noted, “Last year [FY 2018], our shortfall was around $800 million. I believe the year before was about $1.3 billion, so we’re improving.” ²

Allocation of 2018 Federal Election Security Funds

Federal grant: $5,196,017

State match: $259,801

Total: $5,455,818

As of July 2018, Oklahoma planned to devote the entirety of its federal grant funds to the following four critical election security projects: ³

• Voter registration database upgrades and security enhancements. The current custom-built state voter registration database relies on architecture designed in 2005 that can be installed only on Windows PCs. Oklahoma plans to spend $1.65 million on the most critical security and system updates and upgrades.
• Cybersecurity and physical security improvements. Working with state and federal partners, election officials have identified multiple discrete projects, such as the relocation of their servers to a secure server bunker, implementation of two-factor authentication for access to the state Virtual Private Network (VPN), and remote antivirus protection management. The aggregate estimated cost of these projects is $1 million.
• Training. The state estimates that developing and providing training for local election officials on the new equipment described above and additional cybersecurity trainings will cost approximately $300,000.
• New election system equipment. The state plans to use $2.5 million to purchase electronic poll books, which officials say can enhance election security through built-in security features, such as automated notifications in the event of unusual activity, e.g., the addition or deletion of a high number of voter records, by one or more users. ⁴ The state also plans to purchase document scanners to reduce the need to store hard copies of documents that contain personal private information and to protect against theft and loss of information through accidents and disasters. ⁵

Additional Unfunded Security Needs

According to State Election Board Secretary Paul Ziriax, Oklahoma Cyber Command and the Department of Homeland Security (DHS) may recommend new election security projects that should be given higher priority than those currently planned. ⁶ These partner agencies routinely provide services that identify cyber vulnerabilities and significant system risks and have been working with the Election Board to explore options “to optimize the board’s physical and cybersecurity and plan for potential election emergency situations.” ⁷

If this process leads to recommendations of new election security measures, then Oklahoma would likely revise the current grant narrative to include them, Ziriax stated. ⁸ If officials designate federal funding for these new projects, then they must reduce the amount of federal funds currently designated for one or more of the projects described above. Depending on the costs associated with the new projects, officials may be forced to delay, partially defund, or abandon currently planned election security projects.

Regardless of the outcome of these assessments, Oklahoma has several additional election security needs, some of which have already been identified by election officials, that are not currently designated for federal funding, including:

• Robust postelection audits. Oklahoma is one of only 10 states with no postelection audit process. ⁹ Robust postelection audits ensure that the ballots were counted as cast and are an essential election security bookend to the state’s use of paper ballots for all elections.
• Voting equipment hardware and software updates. Although Oklahoma’s fleet of paper-based voting equipment is relatively new compared with that of several other states, it is already at the approximate “halfway mark of its life span,” and state officials “anticipate that the system may require hardware and/or software updates.” ¹⁰ If such updates become necessary for proper voting system fleet maintenance, then officials plan to revise the grant narrative and use federal funds for this project. ¹¹
• Virtual Private Network (VPN) upgrades. Oklahoma election officials are exploring options to upgrade the VPN provided by the Oklahoma State Regents for Higher Education to enhance security and protection of the state voter registration database. ¹² This database houses the personal identifying information of more than 2.1 million registered voters in Oklahoma. ¹³

Pennsylvania’s election security challenges are substantial: As recently as the 2018 midterm elections, more than 80 percent of Pennsylvania voters were registered in jurisdictions still using paperless voting systems. ¹ Yet Pennsylvania officials have taken steps to move away from these vulnerable machines. Those efforts include the Pennsylvania Department of State directing counties to have paper-based systems in place by 2020. ²

Allocation of 2018 Federal Election Security Funds 

Federal grant: $13,476,156

State match: $673,808

Total: $14,149,964

Given the pressing need to replace the state’s paperless voting machines, Pennsylvania officials have allocated the entirety of the state’s federal election security grant to the purchase of new voting systems. The state is sharing these funds with counties in the form of a partial reimbursement once they have selected new voting systems, with each county receiving a share proportionate to its number of registered voters. According to the Department of State, the counties have made great strides toward accomplishing the state’s goal of having new paper-based machines in place across Pennsylvania by 2020, and acting Secretary of the Commonwealth Kathy Boockvar expressed confidence in the state’s ability to meet that timeline. ³

Unfortunately, those funds (approximately $14 million with the state match added) are insufficient to cover the cost of replacing paperless machines statewide. The Pennsylvana Department of State estimates that federal funds will cover only 10 to 12 percent of the statewide bill to replace existing machines (approximately $150 million). ⁴ In Lehigh County, for example, Tim Benyo, the county’s chief clerk for elections and registration, stated that federal funds will cover only a small portion of the county’s planned spending to procure a new paper-based voting system: roughly $350,000 of the $3.5 million that the county had budgeted for upgrades. ⁵ Zane Swanger, Mifflin County’s director of elections and voter registration, similarly said that federal funds will cover only $41,000 of a likely $250,000–$300,000 total bill for the predominantly rural county’s purchase of a new voting system. ⁶

Additional Unfunded Security Needs 

Setting aside the ongoing funding gap for new voting systems with paper backups, the urgent need to replace the state’s legacy voting machines has deprived Pennsylvania of the ability to direct federal funds toward other critical election security needs. Examples include:

• Voter registration system. The state is embarking on a procurement process to replace its aging statewide voter registration system, which is into its second decade of use. Pennsylvania’s state officials “have regularly maintained and updated its operating system,” but as Benyo explained, “The system is really outdated, and it has gotten Band-Aid after Band-Aid and requires a lot of money to keep it working properly.” ⁷, ⁸  Department of State leadership stated that although they remain confident in the security of the current system thanks to multilayered security protections in place, the “voter registration system replacement is absolutely about security,” as well as improving its performance and efficiency. ⁹ Not only is the current system expensive to maintain, but officials often confront performance costs when weighing security enhancements to the system.
• Cybersecurity assessments. County officials also expressed interest in regular, robust county cybersecurity assessments, which can be critical to identifying vulnerabilities and shoring up cyber defenses. Although DHS has put Pennsylvania through its Risk and Vulnerability Assessment process and the Pennsylvania National Guard has been offering some cybersecurity assessment services to counties, counties tend to lack dedicated funding for regular, periodic assessments. The Department of State mentioned the Center for Internet Security’s “Albert” sensors and annual costs, in particular, as something that additional funding could support for counties. ¹⁰
• Cybersecurity trainings. There was also interest in cybersecurity training, which can help elections personnel guard against spear-phishing attacks and learn other basics of cybersecurity. Noting that the threat “environment is ever changing,” Zane Swanger emphasized the importance of training his staff, poll workers, and others involved in election administration about current security threats and “better election material handling.” ¹¹

In administering our elections, states face security challenges of unprecedented magnitude. They are, in many cases, ill equipped to defend themselves against the sophisticated, well-resourced intelligence agencies of foreign governments. States should not be expected to defend against such attacks alone. Our federal government should work to provide the states with the resources they need to harden their infrastructure against cybersecurity threats. At the very least, each state should develop the ability to verify election results in the case of a breach.

Russia and other malign foreign actors use multiple tools and tactics to interfere in democracies, and cyber threats against election systems are among them. The states included in this study have begun the hard work of upgrading dated infrastructure, setting aside funds for postelection audits, and addressing cyber vulnerabilities. But there is more they can do with additional resources.

Elections are the pillar of American democracy, and, as we saw in 2016 and 2018, foreign governments will continue to target them. States cannot counter these adversaries alone, nor should they have to. But at a time when free and fair elections are increasingly under attack, they can, with additional federal funding, safeguard them.

Acknowledgments

The Brennan Center gratefully acknowledges BLT Charitable Trust, Carnegie Corporation of New York, Craig Newmark Philanthropies, Democracy Alliance Partners, Ford Foundation, Lee Halprin and Abby Rockefeller, The JPB Foundation, Leon Levy Foundation, Open Society Foundations, Barbara B. Simons, and Wallace Global Fund for their support of our election security work.