Russia may have attempted to tamper with the 2016 election, helping put an unstable narcissist in the White House. But the upside is that it has finally led Congress to adopt a sensible approach to cybersecurity. The main question is whether the narcissist in question will sign off.

The 2018 Intelligence Authorization bill, passed by a 14-1 vote in the Senate Intelligence Committee on July 28, was unveiled last week. Had Congress mandated the measures included therein in 2015, instead of investing all its energy that year in passing the Cybersecurity Intelligence Sharing Act, it might have mitigated Russia’s efforts to interfere in the election, including the hack of the voting systems of 39 states.

For example, the bill would require the Director of National Intelligence to work with the heads of the CIA, the National Security Agency, the FBI, and the Department of Homeland Security to start a review, a year before a federal election, to identify the security vulnerabilities of any state election systems, including whether they are vulnerable to foreign intelligence threats. They would present their findings to the so-called Gang of Eight—a bipartisan group of senators briefed on intelligence matters—three to six months before the election. Had such a review taken place in 2016, the government might have been able to respond aggressively to Russia’s attempted hack.

The same intelligence officials, plus the secretary of the Treasury, would have three months after passage of the bill to come up with a “whole-of-government strategy” to combat Russian threats to electoral systems. The strategy would include items like auditable paper trails and secure wireless and internet connections for election machines, both of which would make our elections more resilient to a number of threats.





Thus far, the government says no vote results were affected by Russian hacking attempts. (Though North Carolina is conducting an investigation into irregularities with some electronic voting systems, known as poll books, that had been provided by a firm targeted by Russian hackers.) Nevertheless, had these expansive detection efforts been in place in 2016, more of Russia’s hacks might have been identified in real time, with better means to deter them.