DHS talks with states about shoring up cyber in voting systems
DHS chief Jeh Johnson kicks off voting infrastructure cybersecurity awareness campaign.
DHS Secretary Jeh Johnson is conferring with state and local governments about the cybersecurity of voting systems.
In the wake of high-profile hacks of Democratic National Committee databases and associated concerns for the cybersecurity of the country's voting infrastructure, the Department of Homeland Security has kicked off a campaign to raise awareness its cyber resources for states.
In an Aug. 15 conference call with members of state government organizations and other chief election officials to talk about the election infrastructure, Johnson said his agency was opening a Voting Infrastructure Cybersecurity Action Campaign. The initiative, he said, taps experts from the private and government sectors to get the word out on possible cybersecurity risks for voting infrastructure and processes.
The conference call was a key part of advertising the department's assistance capabilities, a DHS official said.
Johnson said on the call that representatives from the National Association of Secretaries of State had been invited to be part of the campaign. (NASS membership includes government officials from all 50 states, as well as from U.S. territories.) The U.S. Election Assistance Commission, the Department of Commerce's National Institute for Standards and Technology and the Justice Department also participated in the call, according to a DHS statement.
After repeated hacks of DNC systems by attackers who have been linked by multiple cybersecurity experts to Russian government interests, DHS is actively considering classifying the U.S. election systems as part of the nation's critical infrastructure, much like the power grid, communications and financial services sectors. Such a move would bring voting systems, which are run mostly by state and local governments, under DHS' cyber protection umbrella.
Johnson also reminded state officials that federal agencies are available now to help gird election systems against cyberattack. The DHS National Cybersecurity and Communications Integration Center will conduct vulnerability scans, provide actionable information, and provide access to other tools and resources to help with election system cybersecurity on request.
He also advised state officials to heed NIST and EAC recommendations that electronic voting machines not be connected to the internet while voting is underway.
State officials who were on the call told FCW it was the first time they could remember that DHS had convened a discussion on election security. They said the call was productive, with the agency not only providing its advice to states for voting system cybersecurity, but with states telling DHS about their precautions in a contentious election cycle.
"The states feel, for the most part, that they're in good shape" cybersecurity-wise, as most have made sure their systems are self-contained and not Internet-facing, said one representative who agreed to speak on background.
Johnson had said in early August that DHS must "carefully consider whether our election system is critical infrastructure, like the financial system or the power grid. There is a vital national interest in our election process."
On the call, Johnson reiterated the agency was still mulling the idea, adding that DHS officials are not aware of specific or credible cybersecurity threats to systems supporting the upcoming general election. He added, however, that the situation could change quickly.
States, the call participant told FCW, are still unsure of the full implications a critical infrastructure designation and how it might affect their operations. State officials on the call asked DHS for more detail on potential effects as the election quickly approaches, with early voting in some states beginning in September.
NEXT STORY: Challenge.gov takes wing