DHS Official: Election Cyber Help Not a ‘Federal Takeover’

September 28, 2016–Andy Ozment, assistant secretary-cybersecurity and communications at the Department of Homeland Security, emphasized today at a hearing of the House Oversight and Government Reform Committee’s information technology subcommittee that any help DHS is lending to state and local election officials to evaluate and improve the security of voting systems was being done as a result of voluntary requests from the states, and not as part of a “federal takeover” of election systems or their security functions.

Mr. Ozment reiterated that message at the hearing along with the substance of similar comments from DHS Secretary Jeh Johnson last week (TRDaily, Sept. 16) when he said that that while DHS was ready to offer a range of cybersecurity help to state and local election officials to secure voting systems from cyber attacks, any such assistance would be provided only if state and local officials asked for it, and that it wouldn’t be accompanied by any “binding directives.” Despite reported hacks into Democratic Party networks and into voter registration networks in Illinois and Arizona, Mr. Ozment said today that several factors pose a “real challenge” to hackers bent on changing voting results in U.S. elections, including the wide dispersal of voting systems, the fact that systems that accept and tabulate votes are not typically connected to the Internet, and that most states have systems that preserve paper ballots that can be used to verify machine-based tabulations. 

“We have confidence in the overall integrity of our voting systems,” Mr. Ozment said, saying that such systems are “fundamentally resilient,” locally controlled, and feature “many checks and balances.” Despite those assurances, Brian Kemp, secretary of state for the state of Georgia, offered some pushback to Mr. Ozment’s statements by saying that the “D.C. response” to reports of election-related hacking has been to take “steps to federalize the system.”

He said that comments by DHS Secretary Johnson that DHS would consider designating election systems as critical infrastructure “caught many election officials by surprise and rightly so,” and said those comments “raised the level of public concern beyond what was necessary.”

Mr. Kemp stated that while cyber attacks on voting systems “cannot change the votes that are cast,” the mere threat of such attacks “can undermine confidence in the outcome of an election,” and he asserted that such undermining “has already started among conspiracy theorists and members of the media.” Other types of threats—including physical violence and the spreading of misinformation are “far more likely to occur” than cyber attacks on voting systems, he said.

Thomas Hicks, chairman of the U.S. Election Assistance Commission, echoed the sentiment that elections systems are not facing significant risk of successful cyber attacks, stating, “First and foremost, our elections are secure.  Voters should have confidence that their votes will be counted accurately.”….“There is no single uniform national election system that manages elections . . . [and] There is no national system that a hacker can infiltrate to affect elections as a whole,” he said.

Rep. Elijah Cummings (D., Md.), ranking member of the full committee, said at today’s hearing that cyber threats amounted to “only a fraction” of the risks faced by the U.S. election system, with the greater danger being posed by efforts in some states to disenfranchise voters  by changing voter registration rules including identification requirements.

Rep. Robin Kelly (D., Ill.), ranking member of the subcommittee, said that while reports of attempts by foreign agents to hack into U.S. election systems were “extremely troubling,” she said the greater risk of election-related mischief was posed by outdated voting machines and their ability to be accessed and manipulated.  – John Curran, john.curran@wolterskluwer.com

Courtesy TRDaily