People use electronic voting machines to cast their ballot in the midterm elections in Laguna Beach, Calif., on Nov. 6. (Robyn Beck/AFP/Getty Images)

ONE OF American elections’ biggest vulnerabilities can be found in one of the most obvious places: the voting machines themselves. The country’s voting infrastructure may not have been tampered with this time around, but experts say outdated systems and an overreliance on hackable electronics mean that if someone wanted to attack the next election, they might well get away with it.

Even absent an interference attempt (or at least one that officials are aware of), the problems with voting machines during last week’s midterms were manifest and manifold. In Texas and several other states, technological flaws led to some votes reportedly getting flipped from one candidate to another. In North Carolina, some systems did not work because of the humidity. New York also experienced large-scale breakdowns.

Machines fail for the same reason they are susceptible to attack: They are aging, and fast. Congress passed the Help America Vote Act in 2002 after confusion caused by paper ballots in the 2000 election, but the electronic systems that states adopted in their place were not built to last longer than 10 or 15 years. A Brennan Center for Justice survey this year found that 41 states are using systems that are at least a decade old, and officials in 33 states said they need to replace their systems by 2020, but many lack the funds to do so. Older machines are not only more likely to fail; they are also more likely to use obsolete software that makes it difficult to write security patches or replace hardware. Some election officials have had to resort to scouring eBay for spare parts.

New machines and updated software would make election infrastructure safer, and the Department of Homeland Security’s efforts this election cycle to monitor states’ systems for malicious traffic should also continue. But electronic voting systems, from machines to digital poll books to tabulators, will always be vulnerable as enemies become more sophisticated. The surest answer would be a law from Congress, similar to the Secure Elections Act currently stalled in the Senate, to mandate that states maintain a voter-verified paper record to pair with any electronic one. States should also be required to conduct the type of robust audits after an election that Colorado, New Mexico and Rhode Island currently mandate.

Congress will have to provide more than rules: States need money. Legislators recently apportioned $380 million to address the election cybersecurity crisis, yet far more funding must be devoted specifically to replacing obsolete systems with securer alternatives and boosting auditing capabilities. Protecting our elections will not be cheap. It will be worth the cost.