Analysts say a new round of tests on cybersecurity by the United States Election Assistance Commission will be the most thorough yet of the presidential election process, which began in early March.
In November, the commission voted to expand the scope of its cybersecurity mission to include election services providers.
In the days after that vote, President Donald Trump called election systems a “toxic” environment that was undermining the integrity of the election process.
While the commission has said it plans to do the tests, it has been reluctant to reveal specifics on how the new system will work or which of the country’s more than 4,000 voting locations will be targeted.
Some election officials and cybersecurity experts have argued that the tests will not be accurate, but experts say the results will be useful because they will allow the commission to conduct more detailed tests of voting systems.
“The commission is trying to make sure it can do what it is supposed to do, and it’s going to be more accurate than anything they’ve done before,” said David A. Johnson, director of the Brennan Center for Justice at New York University.
Johnson said the commission will use the tests to “get a feel for what we call the cyber environment” in which elections take place.
It’s the same sort of environment that’s typically seen in the world of nuclear testing, he said.
The commission has been doing such tests since 2012, when it first created the Election Assistance Board, an independent watchdog that oversees cybersecurity for elections.
The board is tasked with identifying vulnerabilities and recommending fixes to help prevent cyberattacks and other threats to elections.
As of last month, it had identified more than 2,300 vulnerabilities that could be exploited to disrupt voting, Johnson said.
Johnson also said the tests could help the commission determine which voting systems are most vulnerable to cyberattacks.
A report by the National Association of Secretaries of State and Election Protection said that only 24 states have been conducting cybersecurity tests in 2018, including North Carolina, Wisconsin, Georgia, Arizona, Missouri, Pennsylvania and Arizona.
While some states have tested systems in the past, most have not.
The Trump administration has sought to undermine state security efforts by urging states to restrict access to voting and by calling for more state-to-state coordination.
In 2018, the president signed a law barring federal election officials from working with election officials in other states to prevent attacks.
Johnson noted that the Trump administration had said it would use its position on cyber to pressure states to stop state elections from taking place.
“That’s the kind of thing that the president is saying to state election officials that we’re not going to take any action on their behalf,” Johnson said, adding that the federal government would be taking a different approach.
Some cybersecurity experts said that the commission’s tests will be helpful because they’ll allow it to conduct further tests of the security of the voting machines, including those used in most of the state’s voting sites.
“I think this is the most important thing the commission can do for us because it will help us assess the cyber landscape, and there are going to likely be lots of questions for us as the commission is doing these tests,” said John Schmitt, executive director of Election Systems Security, a cybersecurity firm.
“It’s a really good test, and we’re really looking forward to the results.”
He said that if the commission does find vulnerabilities in machines, they would likely be found in the early voting period, when there’s little chance of an attack.
“They can be patched,” he said of the new tests.
But Schmitt said that any time the commission conducts tests on the security infrastructure of voting machines before the election, the tests would be “a major issue.”
“We’re really concerned about the state of the machines before and after the election,” Schmitt told The Associated Press in an email.
“We’ve had some issues with some voting machines that were susceptible to attack in the weeks prior to the election.
That’s not going away, but the technology is improving every day.”
Johnson said he is concerned that the results of the tests are not being reported as quickly as the results from the state election boards.
“When it comes to reports, the media tend to be very hesitant to report on them,” Johnson added.
“So if you look at the results, we’re waiting to see what the results are.”
The tests have been under way for months and Johnson said they have helped the commission find vulnerabilities.
“If you can get a good idea of what the environment is, what the risks are, how you can mitigate those risks and what the vulnerability is, that will allow us to do better in the future,” he added.
The Commission’s Cybersecurity Mission The new cybersecurity tests are part of the commission trying to improve election security.
It is expected to issue a new report in 2019 on cybersecurity and election security, Johnson and Schmitt both said.
They also said that when the commission releases its 2018 report in late 2019, it will look at whether it can conduct a new