Two more states claim DHS probed election systems without permission
- By Mark Rockwell
- Feb 24, 2017
The Department of Homeland Security conducted unauthorized cyber scans of election systems in Indiana and Idaho, state officials said. The incidents were similar to an unauthorized scan of Georgia's election systems during run-up to the presidential election, or in the days immediately after.
Over 10,000 individual hits on Indiana’s systems originated from a handful of DHS IP addresses, according to the Indiana Information Sharing and Analysis Center. According to a January IN-ISAC report, those same IP addresses were associated with of the scan of Georgia's election systems in the fall of 2016 and early 2017. The report was provided to FCW, GCN’s sister site, on Feb. 23 by the Indiana Secretary of State's office.
The IN-ISAC report said its assessment of traffic to and from its systems between Nov. 15, 2016, and Jan. 24, 2017, found "with a high degree of certainty" that the unauthorized scans originated at DHS IP addresses. It said it confirmed the IP addresses were owned by DHS through a "WhoIS" search.
The report said a total of 10,184 unique connections from the IP addresses created over 1 billion network events during the time period. A total of 45 unique State of Indiana public-facing IPs were scanned from the nine DHS IP addresses.
The report all but ruled out web profiling done by authorized multi-state ISACs or other authorized network and penetration testing. It said it had not requested or provided consent for services from the National Cybersecurity Assessment & Technical Services or any other penetration testing services offered by any US-DHS component.
In January, Georgia's Secretary of State Brian Kemp complained about the activity on his systems to DHS in a letter, which led to a House Oversight inquiry to DHS about the issue.
After reports surfaced in December about Georgia, DHS said it traced the attempt outlined in Kemp's letter to the agency back to a contractor working at the Federal Law Enforcement Training Center in Glynco, Ga. The firm said it was verifying licenses for prospective armed guards for the facility, a service that the Secretary of State's website provides.
As the report from the IN-ISAC emerged publicly, Idaho Secretary of State Lawerence Denney told a local newspaper on Feb. 14 that his state's public election website had also experienced similar unauthorized DHS during the same period.
Some states have become vocal opponents of DHS' designation of their election systems as critical infrastructure worthy of the same federal protections as crucial industries such as energy and financial systems.
This article was first posted to FCW, a sister site to GCN.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at firstname.lastname@example.org or follow him on Twitter at @MRockwell4.