A senior Department of Homeland Security official on Tuesday defended its work to help secure voting systems before midterm elections, but a top Democratic lawmaker worried those efforts were insufficient.
DHS has “adopted an aggressive posture” to help state officials secure their voting infrastructure and will do all it can ahead of Election Day, DHS’s Jeanette Manfra told the Senate Homeland Security and Governmental Affairs Committee. At the same time, she said, the department has yet to detect Russian cyber-activity on state systems this election season.
DHS will use the $26 million in additional election-security funding provided by the March omnibus to increase vulnerability assessments and other services it offers states, Manfra told CyberScoop after the hearing. That money is separate from the $380 million the bill allocated directly to individual states to do things like upgrade their computer systems and train officials in cybersecurity.
But Sen. Claire McCaskill, D-Mo., the committee’s ranking member, said DHS’s efforts could fall short. Notwithstanding the closer relationships the department has built with state officials, “I have serious reservations about our level of preparedness” for the midterm elections, McCaskill said.
The Trump administration, McCaskill added, has only been “treating the symptoms” of Russian interference rather than clearly deterring that behavior.
The U.S. intelligence community concluded that Russian hackers meddled in the 2016 presidential election, and U.S. officials have warned of more Russian information-influence operations ahead of the midterm elections. To shore up state voting infrastructure, DHS is providing network scans, classified briefings, and other tools to state officials.
Asked last week at the RSA Conference in San Francisco if she was confident that election infrastructure is secure for the midterms, Homeland Security Secretary Kirstjen Nielsen did not answer the question directly, saying she was confident that DHS would do everything it could to help secure that infrastructure.
McCaskill and Sen. Maggie Hassan, D-N.H., expressed dismay at Nielsen’s response.
“She did not provide the assurances that many of us wanted or, frankly, expected to hear from her,” Hassan told Manfra, who sought to reassure the committee that DHS was on top of the issue.
“We do not have perfect visibility into every state and local system,” Manfra said. “What we have confidence [in] is that DHS is doing everything that we can, that the government is doing everything we can, and that we have greater visibility than we did in 2016.”
She added: “In no sector would I ever say I have complete confidence that nothing will ever happen, because that would be a foolhardy statement.”
States have greater visibility into their networks today than prior to the 2016 election, when Russian hackers conducted scans of IT systems in 21 states and probably targeted others, Manfra said.
Eric Rosenbach, a former cybersecurity official at the Defense Department, told lawmakers that states simply aren’t prepared to defend against nation-state hacking. State governments should consider bolstering the role of the National Guard in disseminating information on cyberthreats to election systems, he added.
Committee Chairman Ron Johnson, R-Wis., cautioned against overstating the cybersecurity risk to voting infrastructure.
“I do not underestimate this, but at the same time I don’t want to be playing into [Russian President Vladimir] Putin’s hands in terms of creating this great doubt in our election systems,” Johnson said.
Separately, Manfra’s Office of Cybersecurity and Communications responded to a request for more information from Sen. Ron Wyden, D-Ore., on how confident DHS is that “the election technology sold by vendors to the states follows cybersecurity best practices.”
In a response dated April 10 shared with CyberScoop, Manfra’s office said the department had not “assessed the extent to which individual vendors are following cybersecurity best practices,” but that DHS “continues to work with vendors of voting systems technology to continue to improve the overall security of the election process.”
The department also helps states develop security standards and requirements for procuring election equipment, Manfra’s office said.
Politico was first to report on DHS’s response to Wyden.