link to page 2 
August 8, 2019
Election Security: Federal Funding for Securing
Election Systems
Russia targeted state and local systems as part of its effort
election process or the winners it produces. In some cases,
to interfere with the 2016 elections, according to the U.S.
some have suggested, such small-scale attacks might also
Intelligence Community. Reports of Russia’s activities
be able to change election outcomes.
highlighted the potential for threats to the technologies,
facilities, and processes used to administer elections.
Appropriated Funding
Congress has responded to such threats, in part, by
States, territories, and localities have primary responsibility
providing and proposing funding to help secure elections.
for ensuring that election systems are secure, but federal
agencies also play a role in helping identify and address
This In Focus offers an overview of federal funding for
election system threats and vulnerabilities. Congress has
securing election systems. It starts with some background
provided election system security funding both to states,
on potential threats to state and local election systems and
territories, and the District of Columbia (DC) and to federal
then summarizes the funding Congress has provided and
agencies since the 2016 elections.
proposed to help secure those systems.
Funding for States
Background
The FY2018 Consolidated Appropriations Act (P.L. 115-
Elections-related systems in all 50 states were likely
141) included $380 million for payments to the 50 states,
targeted in the 2016 election cycle, the Senate Select
DC, American Samoa, Guam, Puerto Rico, and the U.S.
Committee on Intelligence (SSCI) suggested in a July 2019
Virgin Islands (referred to herein as “states”) under the
report. Some attempts to access state and local systems
Help America Vote Act of 2002 (HAVA; 52 U.S.C.
succeeded. Russian actors reportedly extracted voter data
§§20901-21145).
from the statewide voter registration database in one state,
for example, and breached county systems in another.
The FY2018 payments were appropriated under provisions
of HAVA that authorize payments to states for general
Multiple techniques were used to target state and local
improvements to the administration of federal elections.
election systems in the 2016 cycle. Attackers tried to access
The explanatory statement accompanying the FY2018 bill
voter registration databases by entering malicious code in
listed the following as acceptable uses of the funding:
the data fields of state or local websites, for example, and to
obtain access to county systems by sending emails to
replacing paperless voting machines,
election officials with malware attached.
conducting postelection audits,
addressing cyber vulnerabilities in election systems,
Election systems may also be vulnerable to other types of
providing election officials with cybersecurity training,
attack. Hacked election office websites or social media
instituting election system cybersecurity best practices,
accounts might be used to disseminate misinformation, for
and
example. Malware might be spread among non-internet-
making other improvements to the security of federal
connected voting machines, computer scientist J. Alex
elections.
Halderman has testified, in the course of programming the
machines with ballot designs. Individuals with access to
Each state was guaranteed a minimum payment under the
election storage facilities might tamper with voting
FY2018 appropriations bill, with some eligible for
equipment.
additional funds based on voting-age population (see
Figure 1). The 50 states, DC, and Puerto Rico are required
Some threats to election systems may also be compounded
to provide a 5% match for the federal funds they receive,
by the structure of U.S. election administration. States,
and all funding recipients were asked to submit their plans
territories, and localities—which have primary
for the payments to the U.S. Election Assistance
responsibility for conducting elections in the United
Commission (EAC) and report each year on how they
States—use different election equipment and processes and
spend their funds.
have varying levels of access to security resources and
expertise. This decentralization may help guard against
According to the EAC, which is charged with administering
large-scale, coordinated attacks, but it also offers potential
the FY2018 HAVA payments, all of the available funds
attackers multiple possible points of entry, some of which
were requested by July 16, 2018, and disbursed to the states
may be less well defended than others.
by September 20, 2018. States spent at least $108.14
million of the $380 million total by the end of April 2019,
Limited attacks on less well defended jurisdictions might
the agency reported to the House Committee on House
undermine voters’ confidence in the legitimacy of the
Administration in July 2019.
https://crsreports.congress.gov
Election Security: Federal Funding for Securing Election Systems
Figure 1. FY2018 HAVA Election Security Funds
recording electronic (DRE) voting machines and make
other election security improvements.
Some Members have also introduced bills to authorize other
election system security spending. For example, the For the
People Act of 2019 (H.R. 1), which incorporates provisions
of a number of other measures, would authorize funding for
various election system security purposes, including
replacing paperless voting systems and conducting
postelection audits. The Election Security Assistance Act
(H.R. 3412) would authorize $380 million in payments to
the states for purposes such as enhancing election
technology and improving election security.
Such proposals have taken various approaches to securing
election systems. Some of the ways in which they vary are:
Type of Threat Addressed. Election systems face
multiple threats. Bad actors might target technological,
Source: U.S. Election Assistance Commission.
physical, or human vulnerabilities in the system, for
example, or more than one of the above. Funding
Funding for Federal Agencies
proposals offered since the 2016 elections have aimed to
In addition to payments to the states, Congress has provided
address several types of threat. For example, the FAST
election system security funding to federal agencies.
Voting Act of 2019 (H.R. 1512) would authorize grants
Multiple agencies, from the U.S. Department of Homeland
for securing the physical chain of custody of voting
Security (DHS) to the U.S. Department of Justice (DOJ),
machines, among other purposes, and the EAC
are involved in helping secure election systems. For more
Reauthorization Act of 2017 (H.R. 794; 115th Congress)
information about the role of any given agency, see CRS
would have authorized funding to upgrade the
Report R45302, Federal Role in U.S. Campaigns and
technological security of voter registration lists.
Elections: An Overview, by R. Sam Garrett.
Timing of Response. Efforts to secure election systems
Congress has designated some of the funding it has
can try to mitigate a risk at any point in its lifecycle
appropriated to such agencies specifically for helping
(e.g., identifying, protecting, detecting, responding, or
secure election systems. For example, DHS designated
recovering). Funding has been proposed for
election systems as critical infrastructure in January 2017,
interventions at various points. Some of the funding
and the report language for subsequent DHS appropriations
provisions of the SAFE Act (H.R. 2722) would aim to
measures has recommended funding for the agency’s
protect election systems against attacks, for example,
Election Infrastructure Security Initiative (EISI). The
while others would try to help election officials respond
explanatory statement for the FY2018 spending bill also
to them.
directed the Federal Bureau of Investigation (FBI) to use
some of its funding to help counter threats to democratic
Specificity of Uses. Some of the funding provisions of
institutions and processes.
election system security bills have been directed to
specific purposes. Others would authorize more general
Agencies may also spend some of the funding they receive
election security funds and delegate responsibility for
for more general purposes on activities related to election
identifying the best uses for them to states or other
system security. The EAC devotes some of its operational
entities. The Election Security Assistance Act of 2019
funding to developing voluntary guidelines for voting
(H.R. 3412), for example, would leave decisions about
systems, for example, and the Defense Advanced Research
how to use its payments largely to the states. The 115th
Projects Agency (DARPA) has provided funding under its
Congress’s Secure Elections Acts (S. 2261; S. 2593;
System Security Integrated Through Hardware and
H.R. 6663) would, among other provisions, have
Firmware (SSITH) program to advance development of a
established an election cybersecurity advisory panel and
secure, open-source voting system.
grants for states and localities to implement the panel’s
Proposed Funding
guidelines.
Proposals to provide funding for election system security
Three of the above proposals—the House’s FY2020 FSGG
have been offered in each appropriations cycle since the
appropriations bill (H.R. 3351), the For the People Act of
2016 elections. For example, proposed amendments to
2019 (H.R. 1), and the SAFE Act (H.R. 2722)—had been
FY2019 appropriations measures in the House and Senate
passed by the House as of this writing. None of the other
would have provided $380 million and $250 million,
proposals had advanced past referral to committee or
respectively, under the same provisions of HAVA and the
committee hearings.
same or similar terms and conditions as the FY2018
appropriations bill. The House-passed version of the
Karen L. Shanton, Analyst in American National
FY2020 Financial Services and General Government
Government
(FSGG) appropriations bill (H.R. 3351) includes $600
million for payments to the states to replace direct-
IF11286
https://crsreports.congress.gov
Election Security: Federal Funding for Securing Election Systems
Disclaimer
This document was prepared by the Congressional Research Service (CRS). CRS serves as nonpartisan shared staff to
congressional committees and Members of Congress. It operates solely at the behest of and under the direction of Congress.
Information in a CRS Report should not be relied upon for purposes other than public understanding of information that has
been provided by CRS to Members of Congress in connection with CRS’s institutional role. CRS Reports, as a work of the
United States Government, are not subject to copyright protection in the United States. Any CRS Report may be
reproduced and distributed in its entirety without permission from CRS. However, as a CRS Report may include
copyrighted images or material from a third party, you may need to obtain the permission of the copyright holder if you
wish to copy or otherwise use copyrighted material.
https://crsreports.congress.gov | IF11286 · VERSION 1 · NEW