Vice President Mike Pence on Tuesday delivered the most direct and high-profile appeal from the Trump administration to states to accept federal aid in securing election systems, citing a recent “malware attack” in Kansas as a need for state-federal cooperation.
“Take advantage of the assistance offered by our administration,” Pence said at the Department of Homeland Security’s cybersecurity summit in New York City. “Do everything in your power to strengthen and protect your election systems.”
“It concerns us that many states still don’t have concrete plans to update their voting systems,” said Pence, the former governor of Indiana. “Fourteen states are struggling to replace outdated voting machines that lack paper trails before the next presidential election [in 2020].”
To emphasize the need for federal election-security assistance, the vice president shed light on what he described as a “malware attack” within the last two weeks in Finney County, Kansas.
Finney County officials reached out to DHS personnel after the incident “forced them to shut down not just their election network, but the entire county’s network,” Pence said.
“Federal officials worked earnestly, hand-in-hand, with county officials to identify and ultimately eliminate this dangerous intrusion,” he added. “This action was a model of the collaboration that we need to ensure the security of our elections, and we commend the state and local and federal officials who made it happen.”
The 37,000-person county’s computer network shut down twice in July in response to malware and viruses, according to The Garden City Telegram, a local paper. The county enlisted cybersecurity company Trend Micro to create a custom software package for protection, according to the paper.
“We do not consider this a direct attack on Finney County,” Sara McClure, a communications specialist with the county, told CyberScoop in an email. “We have no information about where the malware originated. A malicious email attachment was received and clicked on.”
“We deliberately shut down our network to protect our data and clean all county devices, whether they had been infected or not,” McClure continued. “We contacted state officials, who then contacted Department of Homeland Security, who deployed their resources to advise us on mitigating the issue. We have successfully brought our network back online and are functional for all services.”
After the 2016 presidential election, in which Russian hackers probed IT systems in 21 states, DHS has stepped up the cybersecurity services it offers states, including through training and classified threat briefings. DHS officials have looked to overcome traditional state suspicions of federal overreach by emphasizing that their services are voluntary.
Meanwhile, Congress has allocated $380 million to states to beef up their election security, but as Pence implicitly acknowledged, that funding is not enough to replace the less-secure paperless voting machines used in more than a dozen states.
Such federal efforts to learn from Russia’s intervention in the 2016 election have stood in sharp contrast to President Donald Trump’s repeated questioning that Moscow meddled in the election. But where Trump has often equivocated, Pence was clear in his speech Tuesday. “While other nations certainly possess the capability, the fact is that Russia meddled in our 2016 elections,” Pence said.
“[W]hile no actual votes were changed, any attempt to interfere in our elections is an affront to our democracy and it will not be allowed,” Pence continued.
Pence also put a partisan bent on proceedings by saying that the Obama administration “all but neglected” cybersecurity, and “too often chose silence and paralysis over strength and action.’
The Obama administration, like Trump’s, poured billions of dollars into federal cybersecurity defenses and issued numerous directives to try to stem data breaches at federal agencies. Both administrations have also tried to rein in hacking from adversarial nations through indictments and sanctions. Trump administration officials like Pence and Homeland Security Secretary Kirstjen Nielsen have claimed to be tougher on foreign hackers than their predecessors.
Outside experts and former government officials have criticized the Trump White House’s decision in May to eliminate the White House cybersecurity coordinator position as undercutting the administration’s ability to lead on the issue .
UPDATE, 2:38 p.m. EDT : This story has been updated with a statement from Finney County communications specialist Sara McClure.