Election officials have plenty to learn from hackers

Every year, DEFCON convenes thousands of hackers who attempt to breach the security of important technologies in an effort to expose vulnerabilities. For the past two years, this has included voting machines in a room dubbed the “Voting Village.” 

Rather than watch from the sidelines, or read about the findings in the news, I wanted to see for myself. So, I went to DEFCON. I listened, I observed and I had the opportunity to address attendees. 

{mosads}While it’s important to constantly search for and understand the vulnerabilities of any voting system, a unifying message at the conference — from hackers to elections officials alike — is that we must be on alert and Congress must invest more to better secure our elections.

Threats to the integrity of our elections are constantly evolving. Not too long ago, a primary focus for election officials was securing voting machines. Today, cyberattack vectors have expanded — and so must our defenses. 

This includes protecting our state voter registration databases, county election management systems, election night reporting websites, state and local government social media accounts and ensuring the information voters consume is accurate. 

Intelligence officials tell us that the “warning lights are blinking red” — and our adversaries are getting more sophisticated. It’s clear to me, as California’s chief elections official, that we cannot become complacent.

That’s why attending DEFCON was important. Though, as my secretary of State colleagues are right to point out, the environment under which voting machines were “hacked” at DEFCON do not precisely reflect real-world conditions.

On Election Day, voting machines aren’t left on tables to be opened or exposed for hours on end, and there isn’t unlimited public access to equipment at polling places or county offices.

Still, we could learn a lot from friendly hackers. Their insight can help us stay one step ahead of those who seek to undermine our democracy. It forces us to take second, third and fourth looks at systems. Elections officials must constantly scrutinize, test, adapt and upgrade security measures.

But no matter how much we learn or how much we innovate, we cannot succeed without adequate resources. Election administrations in America has been historically underfunded and understaffed. The burden of funding for election administration typically falls on the limited budgets of local governments.

States have a responsibility when it comes to properly funding election administration, including security. I’m proud that in California we secured $134 million in this year’s budget to upgrade or replace voting systems plus additional funding for the creation of the offices of Election Cybersecurity and Enterprise Risk Management.

We’re also updating hardware and software, monitoring our networks around the clock, and we’ve strengthened communications and information-sharing channels with federal authorities.

Still, we can and must do better.

You may have heard that Congress recently appropriated $380 million for election security nationwide. Not quite. Remember butterfly ballots and hanging chads? The recent federal appropriation was simply the final disbursement of money originally approved in 2003 to address the debacle of the 2000 presidential election in Florida. 

There has been no new additional funding authorized to address our modern security challenges. To make matters worse, this month, the Republican majorities in both the House and the Senate defeated measures that would have appropriated $250 million for election security grants to states.

Meanwhile, they approved a $700-plus billion national defense appropriation — with not one cent for shoring up our nation’s election systems.

Protecting our elections from foreign interference is a matter of national security. That’s why our election infrastructure has been designated as critical infrastructure by the Department of Homeland Security.

For elections officials to implement needed election security measures, state and local governments need ongoing funding from federal and state budgets. We can’t let up, and we can’t rely on dated equipment. The stakes for our democracy are too high.

Until Congress takes our requests seriously and makes the necessary investments to further fortify our voting equipment and systems, election officials must think and act outside the box.

While I’m told I was the first secretary of State to attend DEFCON, I’m confident I won’t be the last. We have a responsibility to learn from hackers, particularly those wanting to help. We owe it to the nation to do all we can to protect our elections.   

Nothing short of our democracy is at stake.

Alex Padilla serves as California’s secretary of State and earned his Mechanical Engineering degree from the Massachusetts Institute of Technology.