Cybersecurity

New York lawmaker introduces bill to compel election cyber threat studies

As concerns about the security of the presidential election rise, a state senator is hoping to get New York evaluating its election systems for vulnerabilities.

By Alex Koma

September 9, 2016

As lawmakers and cybersecurity experts increasingly worry about the threat hackers could pose to election systems, a new bill in New York would direct state leaders to study their own machines and databases for vulnerabilities.

State Sen. David Valesky introduced S. 8818 last week, citing the FBI’s warning to states and localities to examine the security of their election systems after investigators discovered in August that hackers accessed a pair of databases.

“This legislation will require the state of New York to evaluate and analyze any vulnerabilities that may exist in its computerized election databases,” Valesky wrote in a memo attached to the bill. “By analyzing and reporting on these potential vulnerabilities, the state will be better able to proactively address issues in security before they arise. By conducting this analysis and acting upon it, voters can remain confident that their private information stored by election officials and the integrity and trustworthiness of elections remains safeguarded against cyberthreats.”

Specifically, Valesky’s legislation would charge the commissioner of the state’s Department of Homeland Security and Emergency Services with leading the effort, in conjunction with the State Board of Elections and the Office of Information Technology Services.

Analysts with those groups would have to “conduct a vulnerability analysis and report regarding the vulnerability of electronically stored voter and election-related information” held at both the state and county levels. The agencies would also be tasked with examining the “vulnerability of registration records and voting machines to electronic hacking and cyberattacks from both foreign and domestic sources.”

Valesky’s bill would require the departments to deliver their first report to Gov. Andrew Cuomo and legislative leaders within one year of the legislation’s enactment, then on a biannual basis subsequently.

This legislation comes as several federal authorities are taking steps to examine the security of election systems before voters head to the polls this November — the U.S. Election Assistance Commission is set to review cybersecurity standards with the National Institute of Standards and Technology later this month, while the Department of Homeland Security is weighing whether to classify electronic voting machines as pieces of “critical infrastructure” at the urging of some members of Congress.

The cyber experts at Center for Internet Security’s Multi-State Information Sharing and Analysis Center have also warned states and localities to guard against everything from phishing attacks on election officials to denial of service attacks on local polling place networks.

Yet Valesky’s bill wouldn’t have much bearing on the coming presidential contest — the Legislature doesn’t reconvene until January.

But once lawmakers return to Albany, the legislation has a decent chance of earning a floor vote. The bill is set to be reviewed by the Senate’s Rules Committee, and the legislative analytics company FiscalNote estimates it has a 49 percent chance of advancing out of that committee since Valesky is one of its members.