States looking to shore up their election-cybersecurity systems have already been given $380 million and a hotline to the Homeland Security Department. And that’s likely to be all they’ll get, at least until after the midterms.
In the wake of a Senate Rules Committee hearing on Tuesday featuring testimony from three state election officials, Chairman Roy Blunt and ranking member Amy Klobuchar downplayed the idea that the Secure Elections Act—a bipartisan bill crafted in the wake of the Russian government’s 2016 attack against the U.S. presidential election—will pass in time to help safeguard November’s vote.
Klobuchar highlighted the allocation of $380 million in March’s budget bill for states to upgrade their election-cybersecurity infrastructure, suggesting the most crucial task has already been accomplished by Congress.
“We got the money out—we’d like to get more money out, but we got the money out immediately,” Klobuchar told reporters after the hearing. “And if we don’t pass [the Secure Elections Act] right before [November] 2018, we can still pass it after.”
In addition to diverting additional funds to election security, the bill would set up a cooperative cybersecurity framework between DHS and state officials and create a minimum set of requirements states must meet on issues such as postelection audits.
But given the reportedly positive trajectory on many of those issues, Blunt suggested that new legislation may not be the highest priority for Congress. “Most of the things that the Secure Elections Act would require happen in the future appear to be happening now,” the Missouri Republican said.
Blunt was in part referencing the newfound respect and robust cooperation between DHS and state officials on election cybersecurity. After what was categorized by nearly every participant as a “rocky start” to DHS’s bid to embed itself into the security systems of state elections, officials on Tuesday spoke glowingly of a détente between the two sides.
Even Jay Ashcroft, Missouri’s Republican secretary of state and a former fierce critic of DHS’s intrusion into his state, seemed caught up in the kumbaya moment. Addressing Matt Masterson, a senior cybersecurity adviser at DHS, Ashcroft said, “All of the concerns I had about DHS, and all of the points that I pointed to, were before you and the people that hired you [came into office]. I’m still a little gun-shy, but I will admit that DHS has, I think, been night-and-day different than they were at the end of 2016.”
But state officials say it’s not just about a closer working relationship with DHS. While the Election Assistance Commission continues to dole out the $380 million—Blunt said Tuesday that $250 million has been requested by 38 states, with around $150 million already disbursed—state officials say more money is needed.
“I would respectfully request that those in Congress consider some ongoing way to provide resources for us along those same lines,” said Steve Simon, Minnesota’s secretary of state. “While we don’t want to look a gift horse in the mouth, and we are very grateful—I know I am—for that money, this is expensive. And the recommendations we get from the Department of Homeland Security—while very helpful, they have a price tag. And that’s not always accounted for in state budgets.”
The latest draft of the Secure Elections Act, sponsored by Klobuchar and Republican Sen. James Lankford, allocates another $386 million to states for election-cybersecurity upgrades. That’s similar to the $380 million already allocated, and some state officials expect the final amount to be much smaller.
The Senate Rules Committee has primary jurisdiction over the legislation, and Blunt suggested to reporters that there will eventually be a hearing specifically addressing the bill. But past attempts to pass legislation in time for the midterms have been stymied.
“We tried to get it on the [National Defense Authorization Act]; we have tried to get it done by itself,” Klobuchar said. “We tried to get the whole bill on the Budget Act. And we’re trying with appropriations now to see what we can do to get some of it on there.”
It’s not clear that all Republicans support further election-cybersecurity legislation. Blunt was the only GOP senator to ask questions during Tuesday’s panel, and Sen. Deb Fischer was the only other Republican to briefly attend the hearing.
During his opening statement, Ashcroft suggested that the threat of voter fraud was “exponentially greater” than the threat of election hacking. The Missouri secretary of state said lawmakers overemphasizing the issue worked to undermine voter confidence in the system and, ultimately, suppress turnout.
Ashcroft’s statement prompted a furious response from Democrats on the panel. But Sen. Ron Johnson, the chairman of the Homeland Security and Government Affairs Committee, had advanced a similar argument during an election-cybersecurity hearing in April.
State officials no longer hold out much hope that the Secure Elections Act will pass in time to help secure the midterms.
“I can’t believe it would have any impact on 2018,” said Jim Condos, Vermont’s secretary of state and the incoming president of the National Association of Secretaries of State. “By the time they get around to it—who knows when it’s going to pass. I don’t see it passing before October.”
But Condos and other state officials say the bill could still be an important part of hardening their defenses in 2020, when foreign meddling is expected to be more extensive. And Senate supporters of the legislation say they’ll keep pushing the measure even if the window closes on 2018.
“You’ve got these guys in small counties all over the country, and they’re supposed to somehow think that they’re all protected when you have major U.S. companies being hacked,” Klobuchar said. “That’s just not fair to them. And so that’s why I don’t think it’s just for fun that they’re here saying they need more resources.”