The nation’s election systems are at risk of cyberattacks as long as U.S. Congress and other legislative bodies throughout the country ignore the need for establishing safeguards against voting system breaches, U.S. Rep. Joaquín Castro (D-San Antonio) said Thursday during a keynote speech at a local cybersecurity conference.
At Cyber Texas, a three-day conference on cybersecurity and information sharing throughout communities in Texas, Castro said more government resources should be dedicated to protecting the nation’s electronic voting systems and other digital elections infrastructure.
“There isn’t a single federal law, and I still can’t find a state law, that establishes a baseline minimum of cybersecurity protections for our voting systems,” he said. “And that needs to happen.”
The San Antonio representative has proposed the Global Electoral Exchange Act, or HR 753, which would establish a universal set of standards for election security at home and abroad. The U.S. Senate introduced a companion bill, sponsored by presidential candidate and U.S. Sen. Amy Klobuchar (D-Minn.) and Sen. Dan Sullivan (R-Alaska).
Castro said the bill would address the need for coordinated offensive and defensive capabilities to thwart cyberattacks. The legislation, if passed, would begin a process for establishing treaties with foreign allies to share information and set best practices for combating election interference the world over.
“My act is a modest attempt to get greater cooperation and greater resources between the federal government and local governments – and, actually, to prod local governments to do a better job securing, not just their elections systems, but security their city government websites, securing all the things they are in charge of,” he said.
The Aug. 16 ransomware attack on 22 local government entities in Texas should sound the alarm for legislative and industry leaders throughout the state, Castro said. He surmised the scale of the attack, which appears to have come from one source, could have been much larger. Few details have emerged about the attack, but neither the City of San Antonio nor Bexar County were affected, officials told the Rivard Report.
“They hit 22 cities at once in Texas,” Castro said. “They probably could have hit 250 across the country. There are a lot of entities that are vulnerable right now.”
In ransomware attacks, hackers hijack an entity’s digital infrastructure, blocking access to systems until a ransom is paid, usually in digital cryptocurrency because of it’s hard-to-trace nature. More than a quarter of the affected organizations have transitioned from responding to the incident to recovering from it, according to the Texas Department of Information Resources, which oversees statewide information security. The attack prompted a federal investigation which remains ongoing.
Ransomware attacks have shut down computing systems in Baltimore and Atlanta, costing the cities millions of dollars. Since the March 2018 attack on the City of Atlanta’s infrastructure, hackers have replicated the attack on other municipalities and government entities.
If local and state governments want more resources for defending against cyberattacks, they need to lobby their representatives and label it a top issue, Castro said.
“The costs can be great, and there’s this breaching of people’s private data,” he said. “They need to press members of Congress a lot harder and make it a bigger priority.”