California’s election systems are secure, but more money is needed to upgrade antiquated voting machines, better train IT staff to defend against cyberthreats and educate the public, state and county election officials told lawmakers Wednesday.
The request comes three months before California’s primary election and against the backdrop of reports of Russian attempts to meddle in the 2016 U.S. presidential election.
It is a threat that California Secretary of State Alex Padilla described to lawmakers as “the new normal,” and one that requires him to work under the assumption that Russia, another country or a bad actor will try to undermine future elections.
“California does have some strong security measures in place to protect our elections, but we must constantly improve and strengthen our systems,” Padilla said. “My office, in conjunction with county election officials, needs additional resources if we are to defend against future cyberthreats.”
He added that there is no evidence that California election systems — which, he acknowledged, are a target — were hacked or breached in 2016.
That’s in large part because the state and its 58 counties have some of the most rigorous testing and certification standards in the country for voting systems, Padilla said. New voting systems go through months of testing, including functional testing, source code review and IT experts trying to break into the systems. Counties are required to perform logic and accuracy testing before each election and they must follow specific procedures for the programming, deployment and use of voting equipment.
And most voters in California use a verifiable paper ballot to cast their vote.
“State law requires that no voting system or part of a voting system in California can be connected to the Internet,” Padilla told a joint hearing of the Assembly Committee on Elections and Redistricting and the Senate Committee on Elections and Constitutional Amendments.
“So, we make it impossible to systematically hack or rig an election,” he added.
The state’s voter registration database, known as VoteCal, is housed on a separate, internal secure network — not on the cloud or the state’s general network.
However, the threat of a cyberattack on voter rolls or county election systems is still very real in California and the rest of the country.
“The reality is that in today’s world, if you operate any IT system, including election systems, you’re a target of nation-state actors across the globe and others seeking to disrupt democracy,” said Matthew Masterson, a commissioner with the U.S. Election Assistance Commission.
Making the situation even more tenuous in California is aging voting equipment that is “literally falling apart” and county election officials turning to eBay to find replacement parts that vendors no longer make. In some cases, Padilla said, the machines are so old, they can’t be patched or updated with new security software.
Gov. Jerry Brown has asked state lawmakers to set aside $134 million to help counties replace their equipment. His budget proposal is being reviewed by budget committees in the Legislature.
What’s not included in the budget, however, is the additional money that state and local election officials say they need to better train IT staffs and to dispel the ever-increasing misinformation campaigns on social media intended to influence voters.
“We have to make an investment in public education and outreach,” Dean Logan, Los Angeles County’s chief elections official, told lawmakers.
Otherwise, he warned, other efforts to beef up cybersecurity and replace aging equipment “won’t be successful,” and “we won’t realize the full vision of those reforms.”