Election hacking fears turn heat on Homeland Security

Growing concerns about threats to U.S. election systems have put the heat on the Department of Homeland Security (DHS) and its efforts to boost national cybersecurity.

Homeland Security officials testified this week before the Senate Intelligence Committee that they have evidence that Russia targeted election-related systems in 21 states as part of its wider effort to influence the presidential election.

Now, lawmakers concerned about future foreign interference in U.S. elections are pressuring the department to offer more help to states and provide more details about what happened in 2016.

“I’m deeply concerned about the danger posed by future interference in our elections,” Sen. Mark Warner (D-Va.), the vice chairman of the intelligence panel, said Wednesday. “We have elections in 2018, but in my home state of Virginia, we have statewide elections this year. So this needs a sense of urgency.”

Homeland Security, which was involved in preparing January’s unclassified report on Russian election interference, is responsible for sharing cybersecurity threat information and safeguarding the nation’s critical infrastructure.

Prior to this week, officials had said little publicly about the extent of Russia’s targeting of state and local election systems. That changed Wednesday when two officials said evidence suggests Russian actors targeted election-related systems in 21 different states.

Warner has appealed to Homeland Security Secretary John Kelly to tell the public which states were targeted. Other lawmakers are pressing officials to offer more information about the extent of Russia’s efforts.

“I just really hope we err on the side of disclosure about our systems so that people have full confidence when they go vote,” said Sen. Marco Rubio (R-Fla.).

“We want to be sensitive to security concerns, but that question has to be answered sooner rather than later,” said Sen. Ron Wyden (D-Ore.). “We obviously need to know about vulnerabilities, so that we can find solutions, and we need better cybersecurity to protect elections from being hacked in the first place.”

While officials maintain that the systems targeted were not involved in vote tallying, the disclosure has heightened concerns about the possibility of future foreign interference.

The development has also put a greater focus on what the department can and will do to work with state and local officials to secure their systems in the future.

Lawmakers have zeroed in on Homeland Security’s decision to designate election infrastructure as critical. The move has proven controversial with many state officials, who say that they have received little federal guidance.

“Real issues exist with the designation, including a lack of clear parameters around the order which currently provides DHS and other federal agencies with a large amount of unchecked executive authority over our election’s process,” Indiana Secretary of State Connie Lawson testified this week.

Many lawmakers have remained neutral on the issue, in part because of fears about a federal takeover of elections.

“Just to be clear, nobody’s talking about a federal takeover of local election systems or the federal rules,” Sen. Angus King (I-Maine) said Wednesday. “What we’re talking about is technical assistance in information and perhaps some funding, at some point.”

Others have been firmer in their support of the critical infrastructure designation, announced in the final weeks of the Obama administration. The full slate of Democrats on the House Homeland Security Committee wrote to Kelly this week urging him to keep the designation.

Kelly himself has indicated that he will keep the designation in place, but has admitted receiving pushback from state-level officials.

According to Homeland Security, the designation brings federal protections to polling systems, voting machines, voter registration databases and other elements of election infrastructure in the event that state or local officials request it.

It is also meant to make it easier for the federal government to share sensitive vulnerability information with election officials.  However, Lawson questioned that aim, testifying that no secretary of state has yet been authorized to receive classified threat information from the intelligence community.

At the heart of the department’s cyber efforts is the National Protection and Programs Directorate, an entity for which the Trump administration has not formally nominated a leader. There has been a sustained effort by lawmakers, led by Rep. Michael McCaul (R-Texas) to reorganize the directorate into an operational agency to handle cybersecurity.

While lawmakers have widely praised DHS for making gains on cybersecurity — most recently in its response to the global “Wanna Cry” ransomware attack — many have acknowledged the need for the department to improve information sharing with operators of critical infrastructure.

Kelly, speaking at a national security forum, acknowledged the challenge posed by adversaries and the need for the department to improve its cyber capabilities.

“We have world-class people doing this, we have world-class partnerships,” Kelly said Thursday. “We have relationships with states, in many cases they don’t like us talking about what we’re doing with them, that includes the commercial world.

“We are under assault,” he continued. “Anything we can do to increase the defensive capability, the better we’ll be.”