Vol. 52, No. 4

In this edition

With polls showing that over 80% of the American people view cyberterrorism as one of the top threats facing the United States, the latest Ripon Forum examines what is being done to prevent a “Cyber 9/11.”

In Memorian: “An Enduring Peace”

In tribute to the life and accomplishments of the late John McCain, we republish his 2008 interview with the Forum that not only remains remarkably relevant today, but reminds us why he will be missed.


America has played defense long enough when it comes to cybersecurity. In the face of an increasing multitude of threats, it is time to go on offense.

Elevating Cyber Command:

The elevation of CYBERCOM earlier this year is a move whose time has definitely come. In fact, the only possible criticism could be: “What took you so long?”

The Magnitude of the Cyber Threat Facing America

With an estimated 40 billion new devices expected to be interconnected by 2020, the American people — and the U.S. economy — are more vulnerable than ever before to a cyber attack.

Defending the Grid

With cyber threats continuing to grow and evolve, the public & private sector are working together to protect America’s supply of electric power.

Closing the Federal Cyber Workforce Gap

A recent OMB report highlighted the fact that Three quarters of federal agencies lack the capability “to effectively detect data exfiltration attempts and respond to cybersecurity incidents.”

Paper Ballots & Election Security:

Eliminating the human element from filling out paper ballots is as essential to election security as ensuring election machines produce a voter verifiable paper ballot.

Safeguarding the Mid-Terms

There’s a mixed bag of actions being taken by election officials in states across the country in order to mitigate the infiltration of election systems during the 2018 mid-terms.

Troubling Trends in the Federal Budget

Elected leaders profess to be concerned about the nation’s long-term economic growth. You’d never know it, however, by looking at the federal budget.

A Failure on 9/11, and a Lesson Finally Learned

Prior to 2001, the ability to communicate over commercial wireless carriers would routinely be unavailable during major incidents — times when first responders need it the most.

Ripon Profile of Jackie Walorski

The Indiana Congresswoman discusses, among other topics, the importance of farmers and manufacturers in her District, and how tariffs will impact their work.

Safeguarding the Mid-Terms

What states are doing – and not doing – to keep the November elections secure

There’s a mixed bag of actions being taken by the Secretaries of State and election officials in states across the country in order to mitigate the infiltration of election systems during the 2018 mid-terms. Some prioritize new voting machines, others seek to bolster their cybersecurity, and others seek to improve the training and communication of state and local election officials. But not only are there vastly different approaches to election security, there are varying levels of concern from one state to another.

The intelligence community in the United States has been forthcoming with their findings of foreign meddling in the 2016 election. Agencies have published reports, top officials went to Capitol Hill to testify and give closed-door briefings to Members of Congress, and state election officials have been notified of previous and ongoing cyberattacks. Despite the unanimity of alarm among federal agencies of impending cyber incidents, state responses to the issue are far from consistent.

Traditionally, states have been apprehensive to the notion of the federal government intervening with their constitutionally reserved right to run elections as they see fit—one example being the 15 Republican and Democratic states denying President Trump’s voter fraud commission’s request for detailed voter data last year. With this in mind, it is no surprise that states are reluctant to accept offers from federal agencies to assist them with handling their election systems.

Despite the unanimity of alarm among federal agencies of impending cyber incidents, state responses to the issue are far from consistent.

So, what are states doing in advance of the upcoming election? This question less than a year ago would have been a tough one to answer. In early months of 2018 only a fraction of states released press releases addressing their election security, and an even smaller portion published a plan outlining actions being taken to actively prevent future attacks.

It wasn’t until this past March—when $380 million was appropriated to the U.S. Election Assistance Commission (EAC) for the sole purpose of funding election security enhancement grants—that Secretaries of State and Boards of Elections across the country started looking into the threat seriously. Even then, that $380 million is only a fraction of what some lawmakers wanted to see allocated, and experts argue that updating the most outdated voting machines alone would cost $500 million.

In order to be eligible for their share of these federal grants, each state was required to create a budget narrative outlining how they would use the funds to make improvements that met EAC standards. According to the EAC, there were five major categories that for which states are planning to use the grant funding: cybersecurity, new voting equipment, improved voter registration systems, post-election audit activities, and improved election-related communication efforts. Two thirds of all funds will be allocated toward programs targeting the first two categories of cybersecurity and voting equipment.

Other efforts identified by the state officials include training for state and local election officials, hiring of personnel specialized in cybersecurity or information technology, and drafting internal policies outlining new security protocols and incident response plans.

The progress over the past six months is laudable, to be sure, but it still may not be enough. Bolstering security through rebuilding databases, replacement of election equipment, and the implementation of new cyber strategies will not simply happen overnight. After looking through each state’s budget narrative, it is apparent that this endeavor of overhauling our election is being approached by states as a long-term undertaking with some security measures not being fully in place for nearly six more years.

Some goals will be achieved ahead of the 2018 mid-terms, such as personnel training and tweaks to digital systems. But, the most notable changes (new and upgraded equipment, more secure voter registration systems, and being able to audit election results) will not see completion until after the 2018, 2020, and even the 2022 elections. Logistical complications, contractual obligations, and a lack of resources help explain the range of timelines.

The most notable changes (new and upgraded equipment, more secure voter registration systems, and being able to audit election results) will not see completion until after the 2018, 2020, and even the 2022 elections.

West Virginia, for example, has a budget narrative where they outline to the EAC their use of $3.6 million of grant funding. Secretary of State Mac Warner admitted, “West Virginia’s economic situation since the first round of [federal grants] in 2002 has deteriorated and many less-populated counties simply do not have resources to prioritize funding election systems over debts that continue to rise, such as jail bills and road maintenance,” he continued, “Funds to acquire [EAC] mandated machines that come with the latest and greatest technology and protections simply do not exist in many counties.”

Last year, the U.S intelligence community announced evidence of Russian infiltration and scanning of the election systems in 21 states. But, clandestine activities may stretch much further than originally reported according to Chris Krebs, the Undersecretary of DHS’ National Protection and Programs Directorate. “I would suspect that the Russians scanned all 50 states,” Krebs said in his testimony during a Congressional hearing in July. He further explained that these 21 states, which have been found to be targets of Russian cyber activity, are only the one’s that they know about.

As for the states which have been confirmed as being scanned by Russia, their reaction to the information has been all over the place. The state of Washington, for example, is reevaluating their election system, prioritizing system assessment and penetration testing in order to prevent future break-ins. The state has also partnered with DHS to assess vulnerabilities, share information, and receive in-person cyber support. Actions like these lay the groundwork for a properly prepared system, supported fully by officials and policymakers from the top down.

Florida, on the other hand, is implementing policies seen as counterproductive according to local election officials. Despite the state receiving the second largest sum of nearly $10 million in federal funds, many counties are complaining. They accuse the state of implementing arbitrary and counterintuitive rules for how the money is being distributed, which include quick deadlines and provisions stating that all money not spent this year must be yielded back to the state. The problem with these policies is that they encourage the counties to act with short-term thinking, and it hinders their ability to adequately plan a long-term investment strategy for their election security.

Rebuilding America’s electoral infrastructure is no small task. It will take time, resources, and an unprecedented level of cooperation in order to properly prepare to fend off international attacks to undermine U.S. elections. The mid-terms are just weeks away, and states across the country will soon find out whether they did enough in time to safeguard the credibility and security of their elections.

Kyle Chance is the Ripon Forum’s Editorial Assistant.  For a chart illustrating how each state is spending federal election funds, please see below.