• United States



Contributing Writer

U.S. Rep Lieu hopeful for election security bill prospects

Aug 09, 20194 mins
Critical InfrastructureSecurity

Congressman sees Republican softening on gun legislation as a sign they might be willing to consider election security. Calls on the security community to expose election system weaknesses.

election hacking security 2020 election security flag global breach by stuartmiles99 getty
Credit: StuartMiles99 / Getty Images

U.S. Representative Ted Lieu (D-CA) thinks that Senate Majority Leader Mitch McConnell’s weakening opposition to gun legislation bodes well for the prospects of passing an election security bill. Several election security measures have stalled in Congress since the 2016 presidential election because McConnell has refused to take them up on the Senate side.

“I know that public sentiment has shifted on the gun issue so that Mitch McConnell is now willing to consider background checks on guns and red flag laws,” Lieu tells CSO Online. “That wasn’t something he had been saying a few weeks ago. So, you never know when something can happen that will shift public sentiment in such a way that will force him to take up a vote for election security.”

Lieu also called for continued exposure by the hacking community on the weaknesses in the nation’s election security infrastructure. One day after a bombshell report by cybersecurity researchers that nearly three dozen state election systems are exposed to hacking on the internet, Lieu says “I think continual pressure from communities, especially the hacking community, that shows how these machines can be hacked will be helpful in getting an election security bill signed into law because it really drives home the issue that we really have weakness in our voting capability.”

Lieu’s comments came after a panel here at DEF CON on “hacking” the Congress. Jane Harman, former member of Congress and current president of The Wilson Center, kicked off the panel noting how difficult it is for most politicians to grasp digital technology problems. “Politics is an analog world and the problems politicians confront are digital,” she said. “A whole bunch of folks in Congress are still using flip phones.”

Harman painted a hypothetical, catastrophic scenario of a destructive cyber event and asked the two sitting members of Congress on the panel how they would react as Members of Congress. Representative James Langevin (D-RI) said that “we would hope the right processes are in place to have a whole of government response to a cyber incident.”

Langevin cited the 2016 election as a model when the U.S. was totally caught off guard regarding the degree to which Russia interfered in the U.S. elections. “We were not caught up in 2018. We were much better protected in 2018 but not perfect. It’s a work in progress.”

Lieu said that Congress is not prepared for a cyber incident. “When a crisis hits, it’s generally too late for Congress to act. We are not the executive branch. We don’t take immediate action. We pass laws, none of which are speedy,” he said.

“What we can do is try to set up conditions and put in laws that can mitigate any future crisis,” Lieu said. That’s why Lieu and Langevin co-authored a bill to establish a White House cybersecurity czar. “If you look at how we do cybersecurity in the federal government, it’s pretty messed up” with multiple government agencies and offices involved in dealing with cybersecurity incidents. “If we centralize a single plan, it will make things easier.”

Lieu noted that 20 years ago fellow panelist IBM X-Force Red Team Director Cris Thomas, also known as Space Rogue, testified before Congress on how weak cybersecurity was in 1998. “Twenty years later we’re still there.”

Thomas said that cybersecurity in DC isn’t really taken as a priority but “the current congresspeople I see want to be knowledgeable. It’s up to us as a community to engage with those people…to educate them,” he said.

Despite the knowledge gap between Congress and the cybersecurity community, Thomas, like fellow panelist Rapid7’s Jen Ellis, is optimistic the divide can be bridged. “I’m also optimistic…not only because we have the congressmen here but also because of the number of you who come out to hear them.”

The important role of the hacking community in helping to achieve that goal was emphasized by all the panelists. “If you take away nothing, you can get involved and have an impact,” Langevin said.

“I want you to understand your power to shape public sentiment. Just letting the public know, letting the press know puts pressure on your senator,” Lieu said.