The handful of companies that design and make nearly all of America’s voting machines insist that their equipment is cordoned off from bad actors on the internet, but in fact there are multiple ways in for anyone who is motivated, persistent and willing to commit a federal crime.

These manufacturers could choose to share information in order to help researchers and experts identify security weaknesses, but instead they have zealously guarded it as proprietary, even when the outcome of a presidential election has been at stake — as John Kerry found out when his 2004 presidential campaign attempted to look into voting irregularities in Ohio.

Our reliance on these newer voting technologies is largely a result of the failures of older ones. In the weeks after the 2000 presidential election, the entire country sat on edge as Florida poll workers painstakingly examined butterfly ballots and hanging chads. Following that disaster, Congress passed the Help America Vote Act , which established a federal agency, the Election Assistance Commission, to serve as a resource and clearinghouse for state election officials. But the commission, which has been a political football since its creation, is perennially understaffed and underfunded. Most of the nearly $4 billion that it initially got from Congress was spent on new electronic machines that were designed without anticipation of the sort of coordinated cyberattacks America now faces. And these machines are now approaching the end of their useful life.

Now for some good news. Elections officials have become acutely aware of these risks to America’s electoral security, especially after the wake-up call they got in 2016. In a rare example of bipartisanship, Republicans and Democrats are communicating with one another and with their counterparts around the country, sharing information and shoring up defenses where needed.

Most encouraging, the key fixes are relatively simple, and everyone agrees on what they are.

One, provide a paper trail for every vote. Hackers work most effectively in the dark, so they love voting machines that produce no paper verification. Currently, five states — Delaware, Georgia, Louisiana, New Jersey and South Carolina — run their elections entirely on paperless touch-screen machines. But all five states are considering a switch back to paper ballots in time for 2020. In this year’s midterms, 19 states and Washington, D.C., will use only paper ballots.

Two, audit the vote. The best way to do this is known as a risk-limiting audit, which means comparing the digital tally to a manual count of a randomized sample of paper ballots. This type of audit can identify voting tabulation errors resulting from either malicious attacks or software failures.

Three, give states more resources. After dragging its feet for years, Congress in March approved $380 million in grants to states for election security. A little more than a third of the money will be spent on enhancing cybersecurity. A little more than a quarter will go toward buying new voting equipment. The rest will be spent on improving voter-registration systems, running vote audits and communicating better with voters around election time.