Written by Sean Lyngaas

U.S. lawmakers on Tuesday heard from Illinois officials who were on the front lines of Russia’s interference in the 2016 election in a hearing that held the state up as a model for election security.

Since Russian hackers breached Illinois’ voter registration database in 2016, Illinois officials have set up an internal computer network to better protect voter data, established a “Cyber Navigator” program that embeds IT specialists in local election offices, and used the Illinois National Guard to protect the 2018 midterm vote.

“It’s my hope that programs such as this can serve as models for other states,” said Rep. Lauren Underwood, D-Illinois, vice chairwoman of the House Homeland Security Committee, which held the hearing. She was referring to the Cyber Navigator program, to which Illinois has dedicated roughly $6.9 million, the great majority of it federal grant money.

To build on progress in Illinois and elsewhere, election security experts have called for larger and more consistent tranches of federal funding. The annual cost of replicating the Cyber Navigator program nationwide, for example, would be around $55 million, according to New York University’s Brennan Center for Justice.

That is one chunk of the $2.2 billion that the Brennan Center says is needed to implement a suite of security measures across states, including replacing old voting machines, upgrading voter registration systems, and providing cybersecurity support to cash-strapped election jurisdictions.

“Congress should pay its fair share of the ongoing cost to protect our democracy,” Liz Howard, counsel for the Democracy Program at the Brennan Center, said at the hearing.

After repeatedly blocking election-security legislation, Senate Majority Leader Mitch McConnell, R-Kentucky, last month expressed support for an additional $250 million in funding for states. The Senate has yet to vote on the bill, however. If and when that funding is authorized, there will be security programs in place in states like Illinois that are increasingly poised to capitalize on it.

At the hearing, Illinois Board of Elections Director Steve Sandvoss discussed a penetration-testing program put in place after Russian hackers compromised the voter registration database in 2016. Illinois election personnel are now testing for SQL injection attacks, like the one the Russians used, and other means of compromising the database, he said.

As state and local officials look to institutionalize such programs, they are regularly reminded of the interest foreign powers have shown in interfere in the electoral process. Last month, the FBI and Department of Homeland Security warned states that the Russian government could use voter suppression tactics, as it did in 2016, to try to interfere in the 2020 election.

“2020 is absolutely a target for nation-state actors and others to explore vulnerabilities not just in the systems, but [to] create disinformation campaigns in and around the elections process,” Matt Masterson, DHS’s top election-security official, said at the hearing.