The NCSL Blog


By Katy Owens Hubler

If you’ve watched the news lately you’ve probably heard a lot about “hacking” elections.

: Network Security Analyst Ron Bandes, Geoffrey Hale from the U.S. Department of Homeland Security, Virginia Election Commissioner Edgardo Cortes, Adam Ambrogi from the Democracy Fund, and Connecticut Secretary of State Denise Merrill is at the podium.It’s no surprise, then, that one of the hit sessions at NCSL’s Future of Elections Conference in Williamsburg, Va., addressed what states can do about elections security.

From left: Network Security Analyst Ron Bandes, Geoffrey Hale from the U.S. Department of Homeland Security, Virginia Election Commissioner Edgardo Cortés, Adam Ambrogi from the Democracy Fund, and Connecticut Secretary of State Denise Merrill is at the podium. Photo credit: New Jersey legislative staffer Frank Parisi.

The session kicked off with a note that the term “hack” can mean different things to different people, and that there is no American election system: Elections are run 50 different ways in 50 different states. And, votes were not manipulated in the 2016 election.

Voter registration databases, used to keep track of voters in states, however, were the target of malicious cyber activity. This brings home the point that election systems are the combination of many different types of technology, equipment and databases, all of which are important to the goal of securing elections.

During the election security session, panelists offered tips for securing election systems.

Enhance the process of testing and certifying election systems

  • Connecticut Secretary of State Denise Merrill suggested having an academic base for election technology research and testing and certifying voting systems. Her state uses the University of Connecticut’s Center for Voting Technology Research for this purpose.
  • Merrill also suggested that states could create regional centers for testing and certifying systems that could be used by multiple states with similar voting system requirements.
  • Virginia State Election Commissioner Edgardo Cortés emphasized the importance of updating state certification programs to account for new threat assessments, especially those related to cybersecurity.

Work with federal agencies and other states to share security information and best practices

  • Geoffrey Hale from the U.S. Department of Homeland Security (DHS) gave an overview of federal security services that are available to state and local governments to help secure elections. These include things such as cyber hygiene scanning, risk and vulnerability assessments, cyber resilience reviews, security, tips, alerts, and information sharing, cybersecurity advisers and incident management. DHS’s goal, he said, is to help the election community become as resilient as possible to cyberattacks.
  • Virginia State Election Commissioner Edgardo Cortés addressed state legislators directly, saying they can ensure state election officials have authority to ask for help from federal agencies, and share information with these agencies and other states to stay up to date on security-related developments.
  • The U.S. Election Assistance Commission has tips, best practices, documents and videos to help with Election Security Preparedness.

Ensure “operational security

  • Network Security Analyst Ron Bandes emphasized the need for “operational security.” It isn’t enough to purchase systems with good security features, he said. You also need strong security procedures, and protocols for what happens if there is a security issue—and staff needs to follow these procedures and protocols. He encouraged election officials to seek out security experts to help secure their systems.
  • Cortés also spoke about the need for cybersecurity awareness training, at all levels of election administration, as well as enhanced security protocols for securing voter registration systems.

Securing our election systems was a theme throughout the conference, and other sessions addressed variations on this theme as well. More ideas for legislators to engage directly in the process of securing elections:

  • Speak with local and state election officials, as well as federal agencies, to determine what is needed.
  • Examine the process for testing and certifying election systems.
  • Establish or enhance post-election audits.  
  • Think ahead when writing statutes since it’s hard to know what the future might hold for election technology. Use broad, technology-neutral language.
  • Help local jurisdictions to fund a secure election process, from beginning to end.

Katy Owens Hubler is a former member of NCSL’s elections team and currently consults for NCSL.

Actions: E-mail | Permalink |

Subscribe to the NCSL Blog

Click on the RSS feed at left to add the NCSL Blog to your favorite RSS reader. 

About the NCSL Blog

This blog offers updates on the National Conference of State Legislatures' research and training, the latest on federalism and the state legislative institution, and posts about state legislators and legislative staff. The blog is edited by NCSL staff and written primarily by NCSL's experts on public policy and the state legislative institution.