Lawmakers zero in on election system security

Lawmakers zero in on election system security
© Getty
Lawmakers are focusing on the security of election systems amid rising concerns that Russia could use cyberattacks to disrupt future elections.
 
The role of the federal government in protecting voting infrastructure has been a point of tension between Washington and state and local election officials since the Obama administration designated election infrastructure as critical in January, a move that coincided with the release of an unclassified intelligence report on Russian election meddling.
 
On Wednesday, members of the Senate Intelligence Committee will grill officials at the Department of Homeland Security and the FBI, as well as state-level officials and experts outside the federal government, on what can be done to thwart potential threats to elections in 2018 and 2020.
 
Simultaneously, the House Intelligence Committee will hear from Jeh Johnson, the Obama-era Homeland Security secretary who announced the new election infrastructure designation weeks before President Trump took office.
 
Both hearings are part of the committees’ parallel investigations into Russian interference efforts.
 
Much of the focus on Russia’s behavior has been on its hacking of the Democratic National Committee (DNC) and whether there was coordination between Moscow and Trump associates in the interference campaign.
 
The intelligence community has offered few details publicly about Moscow’s targeting of the U.S. electoral system, saying in the January assessment that “Russian intelligence accessed elements of multiple state or local electoral boards” that were not involved in vote tallying.
 
But a classified National Security Agency report recently obtained by The Intercept indicated that Russian hackers targeted more than 100 local election officials using spear-phishing emails ahead of the election.
 
Bloomberg reported last week that Russian hackers targeted systems in as many as 39 states, making the effort much wider than previously known. Authorities have already revealed that foreign-based hackers breached voter registration databases in Arizona and Illinois, the latter of which is said to have compromised the information of 80,000 voters.
 
Federal and state officials maintain that no vote tallies were altered by Russia’s cyber intrusion efforts.
 
Nevertheless, recent developments have spurred efforts in Illinois and New York to evaluate the cybersecurity of voting infrastructure. 
 
Ahead of Wednesday’s meetings, Sen. Mark WarnerMark Robert WarnerOvernight Energy & Environment — Presented by the American Petroleum Institute — Intelligence report warns of climate threats in all countries The Hill's 12:30 Report - Presented by Altria - Biden holds meetings to resurrect his spending plan Democrats feel high anxiety in Biden spending conflict MORE (D-Va.), vice chairman of the Senate Intelligence Committee, pressed Homeland Security Secretary John Kelly to publicly disclose all foreign attempts to hack into or target state and local election systems.
 
“I am deeply concerned about the danger of future foreign interference in our elections,” Warner wrote in a letter. “We are not made safer by keeping the scope and breadth of these attacks secret.”
 
The secrecy surrounding the targeting efforts has rankled some state-level officials who say that they were not made aware of specific threats during the course of the election; had they been informed, officials say, it would have allowed them to better guard their systems.
 
“Election officials did not understand why the intelligence agencies were making the statements they were making,” said Kay Stimson, communications director for the National Association of Secretaries of State. “It was a knowledge gap; it was an information gap.”
 
Indiana Secretary of State Connie Lawson, the association’s president-elect, plans to raise the issue in testimony before the Senate panel on Wednesday, Stimson said. In the majority of states, the secretary of state or lieutenant governor serves as the chief state election official.
 
The Department of Homeland Security (DHS) moved to designate election infrastructure — including voting registration databases, machines and other technology — as critical on Jan. 6, a decision that has been met with resistance from state-level officials. At the time, Johnson noted that it would allow the department to prioritize cybersecurity assistance to state and local election officials who request it and increase the exchange of sensitive vulnerability information.
 
While Kelly has indicated that he will keep the designation in place, the new administration has said little officially on the subject, prompting questions from lawmakers on Capitol Hill.
 
“I appreciate that your Department designated the nation’s election infrastructure as ‘critical infrastructure,’ ” Warner further wrote to Kelly on Tuesday. “I request that you provide an update to the Committee on what actions the Department has taken since this designation to improve and increase such assistance.”
 
A DHS spokesman told The Hill that the designation "does not change the primary role state and local governments have in administering and running elections" but brings federal protections to election infrastructure when requested. 
 
"It does not create new regulations," the spokesman said. "There are currently 16 critical infrastructure sectors, including 21 subsectors, eligible to receive prioritized cybersecurity assistance in the same manner."
 
Some argue that the designation, while well intentioned, won’t be enough on its own.
 
James Norton, a former DHS official and adjunct professor at Johns Hopkins University, said lawmakers should be more focused on getting states to upgrade their legacy voting technology.
 
“What could DHS possibly do in the next 18 months outside of issuing guidance?” Norton said. “It’s a procurement issue.”
 
The federal government should also work to provide better cyber awareness training at the state and local levels to prevent phishing attacks like those that were successful in 2016, Norton said. The government should also share more threat information, at least to the extent possible under classification rules, he said.
 
On Wednesday, the Senate panel will hear from two DHS officials involved in cybersecurity matters as well as the assistant director of the FBI’s counterintelligence division.
 
The second witness panel includes several state-level election officials, including the executive director of the Illinois State Board of Elections.