states claim DHS probed election systems without permission

Two more states claim DHS probed election systems without permission

The Department of Homeland Security conducted unauthorized cyber scans of election systems in Indiana and Idaho, state officials said. The incidents were similar to an unauthorized scan of Georgia's election systems during run-up to the presidential election, or in the days immediately after.

Over 10,000 individual hits on Indiana’s systems originated from a handful of DHS IP addresses, according to the Indiana Information Sharing and Analysis Center. According to a January IN-ISAC report, those same IP addresses were associated with of the scan of Georgia's election systems in the fall of 2016 and early 2017. The report was provided to FCW, GCN’s sister site, on Feb. 23 by the Indiana Secretary of State's office.

The IN-ISAC report said its assessment of traffic to and from its systems between Nov. 15, 2016, and Jan. 24, 2017, found "with a high degree of certainty" that the unauthorized scans originated at DHS IP addresses. It said it confirmed the IP addresses were owned by DHS through a "WhoIS" search.

The report said a total of 10,184 unique connections from the IP addresses created over 1 billion network events during the time period. A total of 45 unique State of Indiana public-facing IPs were scanned from the nine DHS IP addresses.

The report all but ruled out web profiling done by authorized multi-state ISACs or other authorized network and penetration testing. It said it had not requested or provided consent for services from the National Cybersecurity Assessment & Technical Services or any other penetration testing services offered by any US-DHS component.

In January, Georgia's Secretary of State Brian Kemp complained about the activity on his systems to DHS in a letter, which led to a House Oversight inquiry to DHS about the issue.

After reports surfaced in December about Georgia, DHS said it traced the attempt outlined in Kemp's letter to the agency back to a contractor working at the Federal Law Enforcement Training Center in Glynco, Ga. The firm said it was verifying licenses for prospective armed guards for the facility, a service that the Secretary of State's website provides.

As the report from the IN-ISAC emerged publicly, Idaho Secretary of State Lawerence Denney told a local newspaper on Feb. 14 that his state's public election website had also experienced similar unauthorized DHS during the same period.

Some states have become vocal opponents of DHS' designation of their election systems as critical infrastructure worthy of the same federal protections as crucial industries such as energy and financial systems.

This article was first posted to FCW, a sister site to GCN.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Tue, Feb 28, 2017

I also appreciate the concerns, but also appreciate the fact that most state budgets are limited, and mandatory evaluation by "expert third parties" for all precincts/parishes/etc. (as the same equipment is not necessarily used by all) in a state could be cost prohibitive. As DHS is tasked with the security of critical infrastructure against terrorists, having them test the election systems seems appropriate and reasonable, as these systems could be used by terrorists to steer US political agendas if the system is "hack-able".

Mon, Feb 27, 2017 DrK

I appreciate these state's concerns. However, if we the people are to have confidence in our election systems then they need to be tested to ensure that the cannot and have not been compromised. I would recommend that DHS should require from each state election board a certification by expert third party security firms security penetration tests and overall cyber security audits.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group