“Right now, Russia’s security services and their proxies have geared up to repeat their interference in the 2020 election,” Fiona Hill, a former National Security Council staffer, testified during impeachment hearings this week. “We are running out of time to stop them.”

While Hill’s testimony added to the case that US president Donald Trump abused the powers of his office, it also underscored how little has been done since he was elected to protect polling infrastructure, stop the hacking of secure data, or limit propaganda campaigns.

There is less than a year to go before Americans choose their next president.

At the polling place

In 2016, the FBI determined that Russian digital operatives had targeted election infrastructure in 21 states, according to the Senate Intelligence Committee’s report on the topic (pdf). Though hackers were able to download Illinois’ entire voter database, the committee found no evidence that votes were manipulated.

Still, digital security experts say that electronic voting machines remain startling vulnerable to interference and are often run on obsolete or unpatched software. There is also a lack of federal standards for voting machines, and an unwillingness among the private companies who make them to share their source code openly or submit to independent vulnerability testing.

States, which manage election procedures, fret both about their ability to take on government-backed actors on their own, and about potential overreach from the federal government as it asks them to improve their operations. Some states are working with the Department of Homeland Security (DHS) to receive regular assessments of their digital security, and the federal government has pushed state and local governments to share more information with each other about election threats.

Democrats in the House passed a bill this summer to give local governments $700 million in grants to pay the costs of securing voting systems. Among other things, the bill ensures that states create paper copies of digital ballots. (As things stand, about 10% of voters lack that protection.) Republicans in the senate, however, have refused to pass the bill, arguing that because the 2018 midterm election went smoothly, there is no need for the upgrades.

Republican Senate leader Mitch McConnell said recently he supports $250 million in funding for state election security—but experts say the real cost of upgrades could be closer to $2.2 billion.

“The Trump administration has done far too little to protect Americans’ votes against foreign hacking, despite overwhelming evidence that Russia targeted election systems in 2016, and is ready to do so again,” Senator Ron Wyden, a Democrat from Oregon who serves on the Senate Intelligence Committee, told Quartz. “Cybersecurity experts have called on the government to set national security standards for election systems, including paper ballots and post-election audits. So far, none of that has happened. If foreign powers interfere in the 2020 election, the blame will fall squarely on Donald Trump and Mitch McConnell.”

In the inbox

Much of the chaos in the 2016 presidential campaign was sewn when hackers, sponsored by Russia, broke into Democratic operatives’ e-mail accounts using fairly simple “spear phishing” tactics. When embarrassing or out-of-context e-mails were released through Wikileaks, they sparked in-fighting, distracted voters, and often led to confusion with candidate Hillary Clinton’s controversial private e-mail server, which was never actually accessed by foreign actors.

There may be some deterrence against this now, at least for Americans. As a result of special counsel Robert Mueller’s investigation into interference in the 2016 election, Trump’s political adviser Roger Stone was last week convicted of six felonies stemming from lies he told federal investigators and Congress about his role as a middleman between Trump’s campaign and Wikileaks.

While candidates are taking their own cybersecurity more seriously this time around, hackers are still probing: Microsoft reported that a group of hackers linked to the Iranian government has attempted to compromise a presidential campaign, though didn’t specify which one. Efforts to provide campaigns more resources—like a bill from Wyden that would allow national parties to provide those resources—have not made it far.

It’s not clear that the executive branch is taking the cybersecurity challenge seriously. On Thursday, a top DHS cybersecurity official announced she would step down. In October, the head of White House cybersecurity wrote in a resignation memo that the White House was eliminating security procedures and warned that the executive branch would likely be hacked again. Security experts have repeatedly warned that administration officials, including former UN Ambassador Nikki Haley and Trump himself, rely on unprotected communication systems that have likely been compromised by foreign rivals.

Campaigns and foreign agents

There is literally no one to enforce campaign finance law, including laws prohibiting foreign actors from contributing anything of value to a political campaign.

Trump and senate Republicans can’t agree how to staff the Federal Elections Commission (FEC), which requires at least four members to take action but only has three. This means it is unable to investigate the Trump campaign’s refusal to pay the security costs incurred by city police departments during political events, among other matters.

“We recently closed an enforcement matter without investigating even though there were terribly serious allegations of Russian money being funneled into our elections, and I could not get four votes to investigate those allegations,” FEC chair Ellen Weintraub told NPR in August.

Mueller’s investigation into the 2016 election concluded that there was insufficient evidence to convict Trump campaign operatives, including Donald Trump Jr., of breaking campaign finance laws—as they exist now—by soliciting negative information from Russian agents. House Democrats passed a bill last month that would tighten the rules around campaign contact with foreign governments, requiring operatives to disclose to the FBI if they are contacted by foreign agents, and making it illegal for campaigns to share data with them. Senate Republicans have also opposed that bill.

In the last two weeks, meanwhile, numerous officials have testified that Trump asked the president of Ukraine to investigate former vice president Joe Biden and his family before he would release military aid authorized by Congress. Trump said as much to reporters in a press gaggle last month.

“Well, I would think if [Ukraine] were honest about it, they’d start a major investigation into the Bidens,” Trump said on Oct. 3. “They should investigate the Bidens because how does a company that’s newly formed, and all these companies—and by the way, likewise, China should start an investigation into the Bidens because what happened in China is just about as bad as what happened with Ukraine.”

With the close of public testimony this week, articles of impeachment are expected to be voted on soon, resulting in a Senate trial to determine if Trump will be removed from office. There has been little evidence to rebut the assertion that Trump used the powers of his office to further his domestic political goals. But at least 20 Republican senators would need to agree that such abuse of power is an impeachable offense for Trump to be ultimately removed from office. Few political observers think that’s likely.