U.S. Rep. John Katko (R-NY) has introduced a bipartisan bill that would permit the U.S. Department of Homeland Security (DHS) to establish a recurring “Hack the Election” competition aimed at bringing in outside cyber experts to help the federal government protect the nation’s election infrastructure.
Such a competition, also known as a bug bounty program, is the main thrust of the Prevent Election Hacking Act of 2018, H.R. 6188, unveiled on June 21 by U.S. Rep. Mike Quigley (D-IL) and Rep. Katko.
“Our voting systems remain vulnerable to hacking, and we must do more to protect against cyber aggression,” Rep. Katko said. “This is an issue we must work across the aisle to address, and I’m proud to take the lead with my colleague Rep. Quigley.”
H.R. 6188 aims to “help ensure our nation’s foremost experts on cybersecurity have the tools that they need to identify and combat malicious cyberattacks against our democracy,” added Rep. Katko.
If enacted, H.R. 6188 would direct the U.S. Secretary of Homeland Security to within a year establish the Hack the Election Program, which would be used to improve the cybersecurity of the systems that administer elections for federal office, among other provisions, according to the draft text of the bill provided by the lawmakers.
The new program would build on a model used annually by DefCon, which organizes a hacking conference designed to educate and involve the computer security community in fixing potential weaknesses in the U.S. voting systems, says a statement from Rep. Katko’s office. During last July’s Voting Machine Hacking Village event at the 25th annual DefCon computer security conference held in Las Vegas, attendees found and exploited vulnerabilities in five different voting machine types in less than a day.
Under H.R. 6188, such assessments would be encouraged by independent technical experts, in cooperation with state and local election officials and election service providers, according to the text of the bill.
Participation in the proposed H.R. 6188 Hack the Election Program would be voluntary for state and local election officials and election service providers.
However, Rep. Quigley pointed out that many state and local election boards usually don’t know when they’ve been hacked; “either because they don’t know what to look for or don’t have the technology needed to help spot an intrusion,” he said. “That is why we must continue to better understand the vulnerabilities that exist so we can implement infrastructure upgrades that address them head on.”
And as the nation witnessed during the previous presidential election cycle, the United States has adversaries committed to interfering with its democratic process, said Rep. Katko, calling such intrusions grave threats to the country’s security.
In fact, during the lead-up to the 2016 elections, the U.S. intelligence community has since determined that at least 21 state election systems were targeted by such adversaries, according to the statement from Rep. Katko’s office.
“While there was no evidence of Russia tampering with the vote count process, that does not mean Russia or another adversary will not try to attack us again in upcoming elections,” the statement noted.
Additionally, according to the statement, many voting machines and election databases around the nation remain outdated and at risk to outside interference, with an estimated 41 states still relying on voting machines that haven’t been replaced in more than 10 years.
“Our foreign adversaries don’t have to hack into every single board of election to undermine our democratic process; it just takes a couple to achieve their goal of eroding public trust in our electoral system,” said Rep. Quigley. “This important bill will enlist the unique knowledge of cybersecurity experts to safeguard the foundation of our democracy — the right to free and fair elections.”
By allowing independent cyber experts the opportunity to assist participating state and local election officials in preventing hacking attempts, DHS then could focus its resources on providing election officials with technical assistance to enhance their cybersecurity defenses, according to the lawmakers.
H.R. 6188 has been referred to the U.S. House Committee on House Administration for consideration.