Advertisement

‘Aggressive posture’ defines election security work, DHS official tells senators

A senior Department of Homeland Security official on Tuesday defended the department’s work to help secure voting systems before midterm elections as a top Democratic lawmaker worried those efforts were insufficient.
online voting
(Getty Images)

A senior Department of Homeland Security official on Tuesday defended its work to help secure voting systems before midterm elections, but a top Democratic lawmaker worried those efforts were insufficient.

DHS has “adopted an aggressive posture” to help state officials secure their voting infrastructure and will do all it can ahead of Election Day, DHS’s Jeanette Manfra told the Senate Homeland Security and Governmental Affairs Committee. At the same time, she said, the department has yet to detect Russian cyber-activity on state systems this election season.

DHS will use the $26 million in additional election-security funding provided by the March omnibus to increase vulnerability assessments and other services it offers states, Manfra told CyberScoop after the hearing. That money is separate from the $380 million the bill allocated directly to individual states to do things like upgrade their computer systems and train officials in cybersecurity.

But Sen. Claire McCaskill, D-Mo., the committee’s ranking member, said DHS’s efforts could fall short. Notwithstanding the closer relationships the department has built with state officials, “I have serious reservations about our level of preparedness” for the midterm elections, McCaskill said.

Advertisement

The Trump administration, McCaskill added, has only been “treating the symptoms” of Russian interference rather than clearly deterring that behavior.

The U.S. intelligence community concluded that Russian hackers meddled in the 2016 presidential election, and U.S. officials have warned of more Russian information-influence operations ahead of the midterm elections. To shore up state voting infrastructure, DHS is providing network scans, classified briefings, and other tools to state officials.

Asked last week at the RSA Conference in San Francisco if she was confident that election infrastructure is secure for the midterms, Homeland Security Secretary Kirstjen Nielsen did not answer the question directly, saying she was confident that DHS would do everything it could to help secure that infrastructure.

McCaskill and Sen. Maggie Hassan, D-N.H., expressed dismay at Nielsen’s response.

“She did not provide the assurances that many of us wanted or, frankly, expected to hear from her,” Hassan told Manfra, who sought to reassure the committee that DHS was on top of the issue.

Advertisement

“We do not have perfect visibility into every state and local system,” Manfra said. “What we have confidence [in] is that DHS is doing everything that we can, that the government is doing everything we can, and that we have greater visibility than we did in 2016.”

She added: “In no sector would I ever say I have complete confidence that nothing will ever happen, because that would be a foolhardy statement.”

States have greater visibility into their networks today than prior to the 2016 election, when Russian hackers conducted scans of IT systems in 21 states and probably targeted others, Manfra said.

Eric Rosenbach, a former cybersecurity official at the Defense Department, told lawmakers that states simply aren’t prepared to defend against nation-state hacking. State governments should consider bolstering the role of the National Guard in disseminating information on cyberthreats to election systems, he added.

Committee Chairman Ron Johnson, R-Wis., cautioned against overstating the cybersecurity risk to voting infrastructure.

Advertisement

“I do not underestimate this, but at the same time I don’t want to be playing into [Russian President Vladimir] Putin’s hands in terms of creating this great doubt in our election systems,” Johnson said.

Separately, Manfra’s Office of Cybersecurity and Communications responded to a request for more information from Sen. Ron Wyden, D-Ore., on how confident DHS is that “the election technology sold by vendors to the states follows cybersecurity best practices.”

In a response dated April 10 shared with CyberScoop, Manfra’s office said the department had not “assessed the extent to which individual vendors are following cybersecurity best practices,” but that DHS “continues to work with vendors of voting systems technology to continue to improve the overall security of the election process.”

The department also helps states develop security standards and requirements for procuring election equipment, Manfra’s office said.

Politico was first to report on DHS’s response to Wyden.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts