Opinion

As election security risks grow, Congress must get off the sidelines

Some Republican senators argue new legislation is unnecessary. They’re wrong

The work to address threats posed to our voting infrastructure is far from over, Waller writes. (Bill Clark/CQ Roll Call file photo)

OPINION — Texas got some terrible news last month. Twenty-two municipalities in the Lone Star State were the targets of massive ransomware attacks — a kind of cyber kidnapping. According to the mayor of Keene, “Just about everything we do at city hall was impacted.” The Borger city government wasn’t able to process utility payments — putting residents at risk of losing access to running water or electricity.

If just a few attacks could debilitate almost two dozen cities in Texas, imagine the chaos if several hundred were carried out on our country’s voting infrastructure right before Election Day. To prevent this, Congress must pass legislation that deters future foreign interference in our electoral system.

The Department of Homeland Security defines ransomware as “malicious software designed to deny access to a computer system … until … ransom is paid.” Ransomware often infects victims’ computers when the user opens a phishing email or clicks on a fake link. One municipal official clicking on a well-disguised phony email could expose an entire state’s voting infrastructure.

Imagine this tactic being employed on a wide scale by a committed foreign adversary. Long lines at the polls are a perennial problem that a simple attack could exacerbate. One wrong click could lock state officials out of voter registration systems, or even alter vital information on voter rolls. This would inevitably cause confusion at the polls, which could deter some from voting. If the enemy were to target the right areas, the legitimacy of the entire election could be thrown into doubt.

Such a situation almost played out in 2016. The bipartisan Senate Intelligence Committee report attested that the Russian government attempted to hack into one state’s election results website. Had it succeeded, the consequences of the attack could have been catastrophic. The Kremlin would have had the means to alter unofficial election results. And if the public was thereby given reason to doubt the public vote tallies — or if the official vote tallies differed substantially from the unofficial tallies — faith in democratic government itself might well have been irrevocably damaged.

This type of digital assault is not being dreamed up by armchair experts or doomsday predictors. Cybersecurity experts at DHS are preparing for just such a scenario, warning that election systems are at a “high risk” for potential hacking and manipulation.

While it is heartening that DHS is taking these possibilities seriously and exploring measures that will protect local, state, and federal voting infrastructure, this is not enough. Our leaders in Congress can and must do more to deter future foreign meddling in our political system.

Unfortunately, Republican senators have repeatedly argued that new election security legislation is unnecessary. They claim past appropriations for state cybersecurity are sufficient.

Wisconsin Sen. Ron Johnson waved off real reform, saying, “When we were in the [election security] briefing, we asked, ‘Do you need further authority?’ And the people in charge of election security don’t need any further authority, they don’t need a law.” Similar sentiments have been shared by other Senate Republicans, including Louisiana’s John Kennedy.

Despite what these senators have been told in briefings, federal funding alone has proved inadequate. There have been 60 hacking attacks on U.S. institutions this year, and 170 since 2013. It is necessary to harden government targets and pass legislation like the DETER Act, co-sponsored by Sens. Marco Rubio of Florida and Chris Van Hollen of Maryland. This bipartisan bill would greatly increase the cost to foreign adversaries meddling in our elections. In particular, any government determined by the intelligence community to have interfered in our political system would be subject to severe sanctions on major sectors of their economy.

Americans need to know that what happened in 2016 will not be repeated in future elections. Our members of Congress swore an oath “to support and defend the Constitution of the United States from all enemies, foreign and domestic.” They should live up to that call by putting election security legislation — not just money, but real reform — on the president’s desk as soon as possible.

David B. Waller is a legal adviser for Republicans for the Rule of Law. He previously served as White House legal counsel and assistant secretary of Energy for international affairs in the Reagan administration; and as deputy director general of the International Atomic Energy Agency.

Get breaking news alerts and more from Roll Call on your iPhone.