Cyber-brief: State-by-State Election Security Plans and Priorities
35+ YEARS OF FREEDOM OF INFORMATION ACTION
Election security has been a pressing issue since the 2016 elections due to concern over foreign interference in the election and possible cybersecurity risks.
According to the U.S. Election Assistance Commission Web site:
"On Friday, March 23, 2018, President Donald J. Trump signed the Consolidated Appropriations Act of 2018 into law. The Act included $380 million in grants, made available to states to improve the administration of elections for Federal office, including to enhance technology and make certain election security improvements. The2018 HAVA Election Security Fund, authorized under Title I Section 101 of the Help America Vote Act (HAVA) of 2002, marks the first new appropriations for HAVA grants since FY2010. This funding will provide states with additional resources to secure and improve election system."
Each 2018 HAVA Election Security Fund recipient, including 54 states and territories, published plans for the grant’s use. Below is a graphic representation of the general categories of planned expenditure by state. Training and personnel (37 states), voter registration systems (33), and voting hardware upgrades (32) were the most common categories, while tabletop exercises (12), system audits (8), and election night reporting security (5) were the least common.
The graphic highlights the disparity among state approaches to election security. While some states were able to pursue a variety of initiatives, several states only invested in one or two categories. This reflects the disparities in state election infrastructure and the effects of aging infrastructure on state ability to invest in comprehensive cybersecurity. A number of states spent the totality of their HAVA grants on replacing voting machines over any other initiative. These differences are further highlighted within the scope of the state narratives; for example, some of the upgrades categorized under election bureaucracy software and hardware upgrades are replacing systems over a decade out of date.
Reporting planned spending in each category is difficult due to inconsistent budget templates as states added or removed categories from their budgets as fit their needs. Items not included in state “cybersecurity” spending (such as voting hardware or voter system improvements) arguably pertains to election cybersecurity, and the “other” category is often used as an ambiguous catch-all for any initiative outside of personnel, equipment, county grants, or trainings. Further, some line items made it impossible to distinguish budgets for individual efforts from one another (e.g., software patching, licensing costs, hardware upgrades, and software development all falling into “equipment”; tabletop exercises falling into “training”).