The FBI, NSA and CIA all agree that the Russian government tried to influence the 2016 presidential election by hacking candidates and political parties and leaking the documents they gathered. That’s disturbing. But they could have done even worse. It is entirely possible for an adversary to hack American computerized voting systems directly and select the next commander in chief.

A dedicated group of technically sophisticated individuals could steal an election by hacking voting machines in key counties in just a few states. Indeed, University of Michigan computer science professor J. Alex Halderman says that he and his students could have changed the result of the November election. Halderman et al. have hacked a lot of voting machines, and there are videos to prove it. I believe him.

Halderman isn’t going to steal an election, but a foreign nation might be tempted to do so. It needn’t be a superpower like Russia or China. Even a medium-size country would have the resources to accomplish this, with techniques that could include hacking directly into voting systems over the Internet; bribing employees of election offices and voting-machine vendors; or just buying the companies that make the voting machines outright. It is likely that such an attack would not be detected, given our current election security practices.

What would alert us to such an act? What should we do about it? If there is reason to suspect an election result (perhaps because it’s an upset victory that defies the vast majority of preelection polls), common sense says we should double-check the results as best we can. But this is hard to do in America. Recount laws vary from state to state. Not all states even allow recounts, and many of those that do require that a candidate request the recount and pay for it himself or herself. In the 2016 election Green Party presidential candidate Jill Stein, citing potential security breaches, requested a recount in Wisconsin, Pennsylvania and Michigan, all of which unexpectedly and narrowly went to Donald Trump.

Those efforts did not change the results. Nevertheless, it has become clear that our voting system is vulnerable to attack by foreign powers, criminal groups, campaigns and even motivated amateurs. We must defend it more effectively. If elections lose their credibility, democracy can quickly disintegrate. It is not good enough to say, after every election, “We can’t prove fraud.” We need evidence that vote counts are accurate.

The good news is that we know how to solve this problem. We need to audit computers by manually examining randomly selected paper ballots and comparing the results with machine results. Audits require a voter-verified paper ballot, which the voter inspects to confirm that his or her selections have been correctly and indelibly recorded. Since 2003 an active community of academics, lawyers, election officials and activists has urged states to adopt paper ballots and robust audit procedures.

This campaign has had significant, albeit slow, success. Approximately three quarters of U.S. voters cast paper ballots. Twenty-six states do some type of manual audit, but none of their procedures is adequate. Auditing methods have recently been devised that are much more efficient than those used in any state. It is important that audits be performed on every contest in every election so that citizens do not have to request manual recounts to feel confident about election results. With high-quality audits, it is very unlikely that election fraud will go undetected, whether perpetrated by another country or a political party.

There is no reason we cannot implement these measures before the 2020 elections. As a nation, we need to recognize the urgency of the task, to overcome the political and organizational obstacles that have impeded progress. Otherwise, we risk losing our country to hackers armed with keyboards, without a shot being fired.