With evolving threats of everything from ransomware attacks to continued disinformation campaigns to nation-state attacks, States are under pressure to secure election systems and data. Cyber criminals and bad actors are targeting states to disqualify legitimate voters, corrupt data, and launch denial-of-service and other attacks. With just nine months to go until the 2020 presidential and congressional elections, the pressure is mounting.
There is some good news on the front lines, though. Enter the federal government.
States still have time to safeguard their election infrastructure. They’ll need to act fast to take advantage of financial assistance provided by the Election Assistance Commission (EAC), which ended up with $425 million in grant funding to allocate to state and local officials to provide greater cyber security protections during federal elections. As discussed in my previous post, lawmakers struck a deal late in 2019 as the federal government operated under a continuing resolution, splitting the difference between the Senate Appropriations Committee’s $250 million recommendation and a $600 million proposal from the House in an omnibus spending agreement for fiscal year 2020.
Allowable Use of Funds
According to a joint explanatory statement accompanying the agreement, the EAC grant funding can be used similarly to the $380 million that was provided in 2018. The assistance can be used to replace electronic voting machines with paper ballot systems; conduct post-election audits; upgrade election-related computer systems to address cyber vulnerabilities; facilitate cyber training for state and local election officials; implement cyber security best practices for election systems; and perform other activities to improve overall election security. According to the EAC, 36% of the 2018 funds will be spent by 41 states planning to improve election cyber security.
Applying for Funds
The EAC has released allocations for all the states for the FY 2020 funding. States are required to secure a match of 20% of their total allocation within two years of receiving the funding. Official award letters are forthcoming, but states are permitted to start incurring expenses, based on their respective allocation, and they must spend that funding within five years. Specific guidelines for using the funding can be found on EAC’s website.
Maintaining the integrity of our election process goes far beyond technology, it is really an emergency management and response issue and requires a collaborative approach—collaboration between the federal government, local and regional governments, industry and elected officials. The threat is real and states must act now to mitigate the risks. To this end, we have a great resource on our FireEye election security page to help those looking for more information and updates on news and related blog posts.