Senators on Wednesday pressed top officials from the U.S. Election Assistance Commission (EAC) about their efforts to boost state cybersecurity election systems, with a focus on whether each state should have a mechanism in place to audit their results.

“Many elections across the nation do not have auditable elections. They are done completely electronically,” Sen. James Lankford James Paul LankfordMcConnell works to lock down GOP votes for coronavirus bill Charities scramble to plug revenue holes during pandemic Warren calls for Postal Service board members to fire DeJoy or resign MORE (R-Okla.) told the panel of witnesses at a hearing on election security preparedness convened by the Senate Rules and Administration Committee.

Thomas Hicks, the head of the EAC, indicated that states decide whether they want to have auditable elections.

ADVERTISEMENT

The EAC, established in 2002, is a bipartisan commission tasked with developing guidance to meet requirements like maintaining the national mail voter registration form, “adopting voluntary voting system guidelines, and serving as a national clearinghouse of information on election administration," according to its website.

Sen. Angus King Angus KingGovernment watchdog recommends creation of White House cyber director position Democrats step up hardball tactics as Supreme Court fight heats up Shakespeare Theatre Company goes virtual for 'Will on the Hill...or Won't They?' MORE (I-Maine) pressed Hicks on whether there should always be a paper backup to determine accurate counts.

"It depends on the state,” Hicks said. "If we can do security with paper, to make sure it is accessible to those who have disabilities, then I would say that is 100 percent right that we should have a paper backup."

Hicks said states are not required to have an auditable ballot trail, despite requirements under the Help America Vote Act (HAVA) that they must abide by in order to receive federal money.

The hearing comes amid heightened security concerns that malicious actors may seek to interfere in the November midterm elections, following the U.S. intelligence community's assessment that Russia meddled in the 2016 presidential election.

Election officials at the state level are responsible for picking cybersecurity protection monitoring services, Hicks said, adding that it falls on states to determine whether a company is reputable.

"We don't give that sort of specific advice," Hicks said. "Individual election officials have to be vigilant in terms of knowing that there are going to be pop-ups out there looking to make a quick buck."