Attempted voting hacks a 'wake-up call,' former DHS chief says
- By Mark Rockwell
- Sep 29, 2017
Russian meddling in 2016 extended further than the interference with voting infrastructure, and the nation needs a strong strategy to counter Russia's sustained efforts to undermine the integrity of the vote, former Department of Homeland Security leaders told a congressional task force.
States should consider the Russian probes and alleged attempted hacks of voting systems in the last election as "a wake up call," former DHS Secretary Jeh Johnson told House Democrats on the Election Security Task Force in a Sept. 28 public meeting.
Although there is no evidence that Russian interference altered ballots or election results, Johnson told the panel that those efforts "exposed cyber vulnerabilities" that could have serious ramifications.
"Last year, when we saw these voter registration databases being targeted, I was very worried it was the run-up to a huge catastrophic attack" that would result in the deletion of voter registration information, he said. "We were very worried about that, and we continue to worry about the ability of bad cyber actors to compromise voter registration data."
The feared catastrophic attack didn't materialize, but Johnson said the fate of national elections still can rest on key precincts in key states. Elections results can "dance on the head of a pin," he said. "If writers of the TV series 'House of Cards' can figure that out, then a lot of other people could do the same."
The issue of an alleged Russian role in probing election data and systems continues to be controversial. DHS recently supplied information to state officials about attempts to probe systems in 21 states. However, officials in California and Wisconsin so far have disputed those claims.
DHS spokesman Scott McConnell said the agency "stands by its assessment that Internet-connected networks in 21 states were the target of Russian government cyber actors seeking vulnerabilities and access to U.S. election infrastructure."
Judd Choate, president of the U.S. National Association of State Election Directors, told Reuters, "there remains no evidence that the Russians altered one vote or changed one registration."
Former National Protection and Programs Directorate Undersecretary Suzanne Spaulding spoke alongside Johnson at the Sept. 28 forum, warning that the alleged Russian interference was part of a broader effort by that country to destabilize and sow discord in the U.S.
That broader effort should be addressed in Congress and in the White House, Spaulding said. "We can't wait for the outcome of investigations," she told the legislators. "We know enough now. It's time to act."
Johnson's DHS scrambled to follow up on intrusions in two states as the election drew near, as well as to respond to an increasing number of states' requesting his agency scan their systems for signs of attempted break-ins.
In his remarks to the task force, Johnson said 33 states and 36 cities and counties across the country sought cyber assistance from DHS as the 2016 election approached.
Despite those requests, there was friction between fiercely independent state election agencies and DHS when Johnson formally declared early this year that election systems were "critical infrastructure," eligible for federal protections.
Federal and state agencies, said Spaulding, can take several lessons from the incidents in 2016.
She said having cyber and infrastructure experts sit next to each other can help define and blunt hacks on critical infrastructure. DHS infrastructure experts, she said, had developed relationships with state officials that can be valuable in such situations.
In the run-up to the 2016 election and the mounting evidence of Russian probes, Spaulding said DHS "didn't appreciate" some of the finer points of how state election systems were administered, with governors and secretaries of states responsible for different aspects in different states.
Accordingly, Johnson urged congressional caution in moving possible legislation aimed at protecting state voting systems. He and Spaulding noted the valid sensitivities of states in dealing with federal agencies over their systems.
This article was first posted to FCW, a sibling site to GCN.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at firstname.lastname@example.org or follow him on Twitter at @MRockwell4.