Days away from the Iowa caucuses, and less than 11 months from the general election, voting and election security continues to be a challenge for the U.S political system. Threats to a secure election appear to loom as large today as they did in 2016, when Russian state-backed hackers and social media trolls threw U.S. political campaign and election efforts into chaos, turmoil that has only become clear after the fact.Certainly, voting security has made great strides since 2016. State and local governments took advantage of a funding boost under the Help America Vote Act to improve their infrastructure and better coordinate among themselves to harden election systems. Congress allocated an additional $425 million as part of a spending compromise that was passed and enacted in late-December, giving election officials even more latitude to make improvements.A spokesperson for the Department of Homeland Security\u2019s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) tells CSO that the agency has seen marked improvements in security over the past few years. \u201cIn our work with all 50 states and more than 2,400 local jurisdictions, we\u2019ve seen a maturation in the risk management practices across the sector,\u201d the spokesperson says. \u201cWhether implementing controls like multifactor authentication and intrusion detection systems or exercising incident identification, communications, and response, the progress for election security is real.\u201dEven more improvements to how the country responds to election threats could flow from a decision announced last week by the FBI to alter its policy regarding how it informs state officials about local election security breaches. In the past, the FBI informed state officials of cybersecurity attacks on local election infrastructure after informing local officials, allowing state officials to proceed with vote tallies and other efforts without full information. Now the bureau plans to keep state officials informed in a timelier manner, hoping to improve federal and state cooperation on election security matters.No quick fix for election infrastructure issuesHowever, the evidence of problems across America\u2019s election infrastructure uncovered since 2016 indicate that fixing America\u2019s voting and election infrastructure problems is a long-term proposition, one that won\u2019t be fixed in time for the election in November. The report by Special Counsel Robert Mueller found that two Florida county systems were penetrated by Russian hackers in the run-up to election day in 2016. Mueller further found that an election software vendor, purportedly one of the industry\u2019s top vendors, VR Systems, was the victim of a successful phishing campaign by the hackers, who implanted malware on the vendor\u2019s network.Last week, in an affidavit filed in Atlanta federal court, security expert Logan Lamb found evidence suggesting an election server in Georgia had been hacked in December 2014. He further found that access logs to the server were deleted in March 2017, shortly after one of his colleagues alerted officials at Kennesaw State University, which manages the servers, that the server was still vulnerable.Because of widespread vulnerabilities across tens of thousands of voting districts, many experts fear a repeat of the same problems the nation experienced in 2016. According to a recent AP report, tremors of potential trouble are already being felt across the U.S. voting landscape, with state election officials in at least two dozen states reporting recent suspicious cyber activity.Permanent record of votes necessaryEarlier this month, the U.S. Committee on House Administration held hearings on 2020 election security during which experts and three of the nation\u2019s top election vendors testified about what they think some of the most important voting and election security solutions are. Election security expert Matt Blaze, McDevitt Professor of Computer Science and Law at Georgetown University said that an urgent step in securing elections is getting rid of paperless voting machines that leave no permanent records of votes. These machines should be replaced with optical scan ballots that leave an artifact of voters\u2019 choices, enabling \u201crisk liming audits\u201d after every election to detect whether software failure or attacks have occurred.The election software vendor company CEOs testifying before that committee were all in agreement that more resources are needed to shore up elections. They also indicated they could embrace some form of federal standards or oversight to ensure voting integrity.\u00a0More funds needed for election securityTom Burt, president and CEO of Election Systems & Software, said his company supports \u201cthe increase in attention and dedicated resources coming from Congress, state and local officials, the EAC [Election Assistance Commission], and DHS.\u201d Applauding the $450 million spending increase granted to local authorities in December, Burt, like his fellow CEOs, said that\u2019s not enough. \u201cWe believe the federal government needs to devote even more financial resources to jurisdictions that manage elections as part of the critical infrastructure in our country.\u201dJulie Mathis, president and CEO, Hart InterCivic, Inc., was the most explicit in endorsing federal government involvement in overseeing election security. \u201cWe encourage Congress and the EAC to continue exploring ways to apply federal oversight on all election technology, including areas of high vulnerability \u2014 such as voter registration, electronic pollbooks, and election night results reporting.\u201d John Poulos, president and CEO, Dominion Voting Systems, asked the lawmakers to free up more funds to remove barriers to modernizing election infrastructure and evaluating cyber risks surrounding voting technology.DHS\u2019 CISA says it\u2019s doing its part to help voting vendors improve their security postures. The newly formed government agency is working with the major election equipment vendors to conduct assessments of their products through its partnership with Idaho National Labs, a CISA spokesperson tells CSO.Russian election interference still a threatAside from threat to the actual voting infrastructure is the separate concern over whether Russia or any other foreign adversaries might repeat the kind of hacking campaigns that targeted the DNC and other Democratic party players during the 2016 election. \u201cWe\u2019ve made election security our top priority at CISA for the simple reason that American elections should be decided by American voters \u2014 without foreign interference,\u201d the CISA spokesperson tells CSO.Yet, a recent New York Times report indicates that Russia has taken steps to hide its tracks when it comes to hacking American political actors such as the DNC and are \u201crefreshing\u201d their operations to be less sloppy this go-around. One of the Russian intelligence units responsible for the DNC hack, Fancy Bear, has moved some of its servers to the U.S. to thwart the NSA and other American intelligence agencies, according to some federal officials.Trolls within Russia\u2019s Internet Research Agency, which mounted massive disinformation attacks across social media accounts in 2016 that were designed to sow division in the American electorate, are purportedly using more secure, encrypted communications methods such as ProtonMail, to plot their 2020 campaigns, the Times report states, citing a government official and a security expert. They are also paying Americans to spread their message on Facebook to make their actions harder to trace.Yet another concern not directly related to voting infrastructure security is the rising threat of ransomware against American municipalities, which could be deployed to strategically cripple voting systems on election day. High-profile attacks in New Orleans, Baltimore and a cluster of cities in Texas were among only some of the nearly 200 ransomware attacks that hit U.S. municipalities in 2019.Wherever the threats may arise, all Americans should be prepared to participate in defending elections from threats in 2020, CISA says. \u201cEvery American has a role to play in ensuring the 2020 elections are secure and resilient,\u201d an agency spokesperson tells CSO.