SENATE BILL 2953: THE SECURE ELECTIONS ACT
In 2016-2017, a national coalition of election advocacy organizations orchestrated a campaign comprising leading academic experts, current and formal federal officials, editorial writers and respected advocates from both parties, to educate policy makers and urge them to implement federal and state security reforms.
This effort culminated in the Secure Elections Act (S.2261), introduced in December of 2017 by a bipartisan group of six Senators: Sens. James Lankford (R-OK), Amy Klobuchar (D-MN), Lindsey Graham (R-SC), Kamala Harris (D-CA), Susan Collins (R-ME), and Martin Heinrich (D-NM). In March, 2018, the bill was reintroduced as Senate Bill 2953 with cosponsors Richard Burr (R-NC) and Mark R. Warner (D-VA), Co-chairs of Senate Select Committee for Intelligence (SSCI).
The immediate aim of the bill is to secure federal support for states and counties to replace antiquated paperless voting machines before the 2018 and 2020 federal elections and to press for policy changes to ensure election administrators have the auditing tools and training to detect and thwart a cyber-attack.
SYNOPSIS: THE SECURE ELECTIONS ACT
This bill is a comprehensive, bipartisan approach to election cybersecurity. It will:
· Protect states’ primacy in conducting elections.
· Improve information sharing between the federal government and state, county, and municipal election agencies.
· Assist state, county, and municipal election agencies in cybersecurity preparedness.
· Support the states in replacing outdated and insecure electronic voting machines.
· Encourage robust sanctions in response to a state-sponsored hack of U.S. election systems.
The problem we are facing is twofold:
1) External threats: In 2016, Russia successfully exploited weak cybersecurity to breach voter registration systems. Moscow was in a position to disenfranchise voters and undermine confidence in the election. Russia or a copycat actor could launch a similar attack as soon as the next major elections in 2018 or 2020.
2) Internal vulnerabilities: Our voting infrastructure is outdated and vulnerable to attack, raising the prospect that a hostile actor could alter vote totals in the next election.
The bill addresses both the problems described above to protect our election infrastructure by:
· Reaffirming state leadership in administering elections.
· Stating that an attack on election systems by a foreign power is a hostile act and should be met with appropriate retaliatory actions, including sanctions.
· Ensuring that the federal government promptly shares information with state, county, and municipal election agencies about election cybersecurity and that election agencies notify state and federal officials in the event of a possible election cybersecurity breach.
· Providing security clearances to appropriate state officials so they can act quickly on classified cybersecurity information.
· Developing, with the help of a panel of independent experts, a set of voluntary cybersecurity guidelines for election-related systems.
· Establishing a $386M grant program to encourage states to implement those guidelines, immediately address vulnerabilities in advance of the 2018 election, and replace outdated and insecure electronic voting machines.
· Publishing a catalog of free federal services for state and local election officials and a GSA-approved list of cybersecurity vendors.
SECTION BY SECTION ANALYSIS
Section 1: Short Title
Provides the name of the bill.
Section 2: Sense of Congress
Expresses the sense of Congress that states are primarily responsible for federal elections, free and fair elections are central to our democracy, protecting our elections is a national security priority, and an attack on our election systems by a foreign power is a hostile act and should be met with appropriate retaliatory actions, including sanctions.
Section 3: Definitions
Defines key terms that are used for clarity and specificity throughout the legislation, drawing on established statutory definitions.
Section 4: Information Sharing
Establishes a presumption of prompt election-related cybersecurity information sharing between federal agencies and from the federal government to state, county, and municipal election agencies. Requires expedited security clearances for designated election administrators and distribution of a catalog of free federal cybersecurity services for election agencies. Provides for information sharing to federal and state officials about cybersecurity incidents involving election-related systems. Limits liability for states, counties, municipalities and service providers.
Section 5: Advisory Panel and Guidelines
Establishes an independent expert advisory panel to develop voluntary guidelines on election cybersecurity through an open and transparent process. Members of the panel are appointed by the federal government and nonprofit groups that represent state, county, and municipal election officials to ensure all stakeholder interests are represented. Requires the panel to produce guidelines within 180 days, and to periodically update the guidelines. DHS leadership has the final say on the guidelines.
Section 6: Reports to Congress
Requires annual reports to Congress about election cybersecurity threats and periodic GAO reports about the grant program in Section 7.
Section 7: State Election System Cybersecurity and Modernization Grants
Establishes a $386 million grant program to support election cybersecurity preparedness. The main component of the grant program encourages implementation of the guidelines under Section 5. The grant program also provides immediate funds to address cybersecurity vulnerabilities in advance of the 2018 election and to replace outdated and insecure electronic voting machines.
Section 8: Hack the Election Program
Establishes a coordinated “bug bounty” program for election infrastructure. Participation by state, county, and municipal election agencies is entirely voluntary.