WASHINGTON — If the full Senate, as expected, approves a recent committee decision to spend $250 million more to protect the 2020 elections from outside interference, Congress will have devoted at least $630 million toward that goal since Russia sought to influence the last presidential election.
It sounds like a lot, experts say, until the realization that a single state, Pennsylvania, plans to spend at least $125 million to upgrade its voting machines.
And that expense addresses just one vulnerability in an elections system whose security procedures — including vulnerable files of registered voters and inadequate systems for postelection audits — can be even creakier than its voting machines.
State and local election officials are left “rolling the dice” between replacing their antiquated paperless voting machines or upgrading outdated registration databases, said Lawrence Norden, the director of the Election Reform Program at the Brennan Center for Justice at New York University.
“Two hundred and fifty million dollars across over 8,000 election jurisdictions doesn’t come close to paying for these things in a single year, let alone for elections beyond 2020,” he said in an email.
The Brennan Center has estimated that state and local agencies would need nearly $2.2 billion over the next five years to adequately shield elections from tampering.
The stakes were underscored on Thursday by Joseph Maguire, the intelligence chief at the center of the fight over a whistle-blower complaint about President Trump’s dealings with Ukraine during testimony before the House Intelligence Committee.
“I think that the greatest challenge that we face is not necessarily, you know, from a kinetic strike with Russia or China or Iran or North Korea,” Mr. Maguire said. “I think the greatest challenge that we do have is to make sure that we maintain the integrity of our election system.”
How much Congress will appropriate for election security this year remains unclear. The House has approved $600 million, but the two chambers are likely to settle on a compromise amount in a legislative conference this fall.
Congress allotted $380 million to the states in 2018, money that has largely been spent or committed to security improvements by the 2020 election season, with much remaining to be done.
That allocation provided $14.1 million of the more than $125 million that Pennsylvania plans to spend on voting equipment, and about $6 million for new voting machines in Louisiana that could cost $95 million.
Colorado received more than $6.3 million from the 2018 grant, and “we have plans to use every penny,” Secretary of State Jena Griswold said. But she said a lengthy list of security measures was still unfunded, including safeguards against ransomware attacks; improvements for the state’s voter-registration database; protection for county election offices that connect to that database and for computers linked to county offices; an artificial-intelligence system to detect threats to election offices; and a cybersecurity staff to work with counties.
“And that’s speaking for a state with some of the best cybersecurity safeguards in the nation,” Ms. Griswold said. “When you look at other states that don’t have recently purchased voting equipment, don’t have equipment that’s not completely separated from the internet, don’t have audits — for them, the need is even more pressing.”
Beyond their immediate needs, Ms. Griswold and other state officials said, election agencies will need a steady infusion of money to keep their security measures current against the ever-improving skills of potential intruders.
The $250 million allotment in the Senate was the first sign of movement in a standoff over voting security that had stymied a sheaf of legislation even before Democrats took control of the House of Representatives in November.
Since then, the House has passed two sweeping proposals to tighten the elections infrastructure, one of which, the Securing America’s Federal Elections Act, or SAFE Act, recommended the $600 million the House appropriated separately. Other proposals that have yet to pass either chamber would allot up to $1 billion on security before the 2020 election.
Other congressional proposals that have gone nowhere include bipartisan efforts to force social media companies like Facebook to disclose who is paying for political content on their sites and to set rules for cooperation between state election officials and federal intelligence agencies.
Those bills and others have largely been bottled up by Senator Mitch McConnell, the majority leader. Mr. McConnell, who after months of criticism for inaction agreed to sponsor the $250 million security package approved last week, said the appropriation would continue the “enormous strides” the Trump administration had made toward more secure elections.
Senator Ron Wyden of Oregon, one of the leading Democrats on voting security issues, called the measure a “joke.”
“This amendment doesn’t even require the funding be spent on election security,” he said in a statement. “Giving states taxpayer money to buy hackable, paperless machines or systems with poor cybersecurity is a waste.”
That underscored one of the key partisan differences that has blocked voting legislation. Calling it federal intrusion in local elections, Mr. McConnell of Kentucky and some other Republicans oppose proposals to tighten oversight of the voting infrastructure, such as limiting the purchase of voting machines to devices that produce a paper ballot. Democrats and other Republicans see such rules as central to shielding systems from outside interference.
“We don’t have basic standards for cybersecurity around elections,” Mr. Norden, of the Brennan Center, said. “There are zero federal regulations on voting system vendors — even requirements to report that they’ve been hacked. You’re not going to deal with that through the appropriations process.”
Mr. McConnell argues, and experts agree, that the states have vastly improved security measures since the 2016 elections. The Department of Homeland Security, the lead federal agency on the issue, is offering cybersecurity screenings and advice in all 50 states. By the 2020 general election, the share of voters who use machines that produce no paper trail, recently about one in four, will shrink to perhaps one in 10.
But many experts say much more needs to be done. The Brennan Center report estimated that states need nearly a half-billion dollars to modernize and secure their electronic files of registered voters, a target of Russian intelligence in all 50 states in 2016.
Millions of dollars more are needed to build backup systems, from copies of voter lists at individual polling places to stacks of paper ballots, that could be used if attackers disabled digital voting systems. Postelection audits in many states are either antiquated or missing altogether; conducting modern audits nationwide would cost about $20 million a year, according to the report.
Still more money would be needed to train election officials in each of the nation’s 8,000 to 10,000 election districts, many in rural areas that lack money for security measures.
And because hackers and foreign intelligence operatives are constantly honing their skills, state officials say, election offices need regular infusions of money — the Brennan Center has suggested $175 million every two years — to update their own safeguards.
“That gives us the ability to plan out as well when we can expect funding so we’re not attached to the political whims from year to year,” Jocelyn Benson, the Michigan secretary of state, said at a cybersecurity summit in Washington last week.