Given ongoing attempts from foreign governments, including Russia and Iran, and foreign intelligence services to meddle in and influence U.S. elections, the United States must take measures to secure election systems against interference.
Current regulations under the Help America Vote Act (HAVA) require the U.S. Election Assistance Commission (EAC) to provide for the testing and certification, decertification and recertification of voting system hardware and software by accredited laboratories. However, HAVA does not explicitly require penetration testing of voting systems.
A U.S. Senate bill of Strengthening Election Cybersecurity to Uphold Respect for Elections through Independent Testing (SECURE IT) Act is led by U.S. Sens. Mark Warner of Virginia and Susan Collins of Maine.
U.S. Reps. Abigail Spanberger of Virginia and David Valadao of California introduced the House version of the bill today to strengthen the security of U.S. election infrastructure by requiring that voting systems undergo simulated attacks as part of their standard certification process.
The House legislation would direct the EAC to require that voting systems undergo cybersecurity penetration testing — a practice that allows researchers to search for vulnerabilities by attempting to attack a system with the same tools and techniques used by cybercriminals — in order to receive certification. The bill would also direct the EAC to create a voluntary program for vetted researchers to access voting systems provided voluntarily by manufacturers to discover vulnerabilities and disclose them to the manufacturer and EAC.
“We continue to hear reports of foreign governments, individuals, and companies actively working to influence U.S. elections and subvert our democracy,” Spanberger said. “The sanctity of our free and fair elections is core to our identity as Americans. I’m proud to lead this bipartisan legislation to help uncover potential vulnerabilities in our election systems, strengthen our elections infrastructure, and raise our defenses against bad actors.”
Common Cause Virginia supports the legislation.
“With only months until the 2024 election is fully underway, hostile actors continue to use cyberattacks to try to infiltrate and disrupt our elections,” Lauren Coletta, Senior Advisor, Common Cause Virginia, said. “We must do everything we can to protect our elections and guarantee that the voices of all voters will be heard. Common Cause Virginia applauds Representative Spanberger for introducing the bipartisan SECURE IT Act to ensure our elections can continue to be free, fair, and secure, and we urge Congress to quickly pass much-needed reforms like the ones in this bill.”
Valadao said Americans “need to have confidence in their vote and our elections in order for democracy to succeed. The SECURE IT Act will help us find and fix the vulnerabilities in our voting systems that could be exploited by foreign or domestic adversaries. This is an important step to ensure the safety and security of our nation’s elections.”