Homeland Security speeds up election security aid to states
A top cybersecurity official at the Department of Homeland Security said Wednesday that he expects the department to complete rigorous election security tests requested by a number of states by April. Bob Kolasky, the acting deputy undersecretary in Homeland Security’s cyber unit, acknowledged previous reports of a backlog of risk and vulnerability assessments, which the department has offered to states as part of its designation of election infrastructure as critical. Politico reported in late December that states faced up to 9-month waits for the thorough assessments, leaving little time before the 2018 midterm elections for states to mitigate any potential flaws in their voting systems.
ADVERTISEMENT “I am here today to tell you we have the ability now to meet all the state requests that we have received,” Kolasky said during a keynote address at a summit organized by the U.S. Election Assistance Commission in Washington.
The department has already completed assessments for three states and expects to meet the remaining 11 requests by mid-April, he said. “We want all the rest of the states to sign up, and if they do we believe we will be able to do those risk and vulnerability assessments onsite before the midterm elections,” Kolasky said. “That is a significant shift of our own resources.” Homeland Security moved to designate election infrastructure as critical in January in light of Russian efforts to interfere in the 2016 presidential election.
The decision opened up voting systems, registration databases and other election infrastructure to federal protections for states that request them. The designation was made by the Obama administration and has been maintained by the Trump administration. Initially, federal officials faced blowback from state and local officials for the decision as a result of fears that the designation signaled a federal takeover of elections, which have historically been administered by states.
Homeland Security has revealed that Russian cyber actors targeted election-related systems in 21 states before the election. In Arizona and Illinois, hackers breached state registration databases. The revelations have spurred fears that foreign actors could similarly target the 2018 elections and have sent some states racing to secure their systems.
“I would say we have seen no evidence that the Russian government has changed its intent or changed its capability to cause duress to our election system,” Kolasky said Wednesday, adding that next time it could be “another actor or another nation-state.” “That, in my mind, makes this a national security issue,” he said. “There is a threat out there.” Kolasky said that Homeland Security has focused on building partnerships with state election officials, improving the pace at which threat information is being shared and making tools available to support states as they look to shore up their systems.
The risk and vulnerability assessments represent the most extensive aid in Homeland Security’s toolkit. The department deploys federal cyber experts on the ground in states to assess systems and make recommendations. In particular, Homeland Security has stood up a coordinating council to engage with states and other stakeholders on election security efforts.
Kolasky said the department is in the process of working with industry to stand up an additional council to engage with vendors of election technology and others on election security.
Kolasky serves as acting deputy undersecretary at Homeland Security’s National Protection and Programs Directorate, the headquarters unit responsible for protecting critical infrastructure from physical and cyber threats.