Department of Homeland Security May Have Accessed Other State's Websites

Concerns have risen about a Department of Homeland Security computer making questionable visits to a number of state computers in recent months.

by Aaron Gould Sheinin, The Atlanta Journal-Constitution / December 19, 2016

(TNS)--The National Association of Secretaries of State wants federal officials to help resolve concerns that a Department of Homeland Security computer made questionable visits to a number of state computers in recent months.

The organization, based in Washington, "wants to make sure that we help the states in question get a quick resolution of this matter from the Department of Homeland Security and that there is a way to resolve it to everyone's satisfaction," Kay Stimson, spokeswoman for the association, told The Atlanta Journal-Constitution on Thursday.

The organization surveyed its members after Georgia Secretary of State Brian Kemp's staff traced what it considered a cyber threat against its network to a DHS-owned computer. The agency has denied any attempt to penetrate Georgia's protected systems.

Two states -- Kentucky and West Virginia -- discovered visits to their systems by the same computer involved in the Georgia incidents. Both of those states, however, said the visits did not appear to be malicious.

Kentucky and West Virginia were among the 48 states that agreed to allow DHS to perform security checks of their election systems in August. Georgia, at Kemp's direction, was one of two that refused. The DHS computer involved in the current dust up was not part of the agency's scans of state systems

Kemp said his office's outside cybersecurity vendor alerted him that the computer in question tried unsuccessfully on Nov. 15 to defeat the office's protective firewalls.

Bradford Queen, spokesman for Kentucky Secretary of State Alison Grimes, said the National Association of Secretaries of State, at Kemp's request, asked if other states had experienced similar attempts to access their systems.

"Our office investigated and found that in a handful of instances an IP address allegedly sourced to the Department of Homeland Security had accessed our public voter information and online voter registration websites," Queen said.

But, they found no "attempt to scan, attack, or infiltrate our system and that the visits appeared to be regular web traffic."

The responses from Kentucky and West Virginia would seem to bolster Homeland Security's claim that a federal contractor based in Georgia used the computer in question to perform routine background checks of job applicants. The contractor contacted the secretary of state's website to check professional licensing databases housed there, DHS Secretary Jeh Johnson said in a letter to Kemp earlier this week.

"We have been in touch with both states and this appears to be normal web traffic," a DHS official told The Atlanta Journal-Constitution Thursday. The official was not authorized to speak on the record.

But that does not explain why the contractor was on Kentucky's elections website at all. Kentucky's secretary of state does not process professional licenses and it seems unlikely the contractor would need to access election results.

Morgan Wright, senior fellow at the Center for Digital Government and owner of a Virginia-based cyber strategy firm, said DHS's explanations do not hold up.

"How does a laptop, a standard laptop, get configured like this but no others?" Wright said. "It appears to be this one magic computer that makes it appear like a (malicious) scan."

Either DHS isn't being completely honest or it has competency issues, Wright said.

"How does a computer get configured to do those things and not be detected?" he said. "What does that tell you about DHS' ability to defend itself from attacks?"

A spokeswoman for West Virginia Secretary of State Natalie Tennant said the computer in question appeared to visit the state's election results Nov. 7 and and on Oct. 29, 2016 an invalid website address was used to try to reach its voter registration system. "This activity was recorded by our office firewall. We have no indication at this time that the attempt was malicious."

Kemp on Wednesday said he was not satisfied with the response thus far from the Department of Homeland Security and asked President-elect Donald Trump to order a full investigation once he is inaugurated in January. Efforts to reach Trump's communications staff were unsuccessful Thursday.

On Thursday, Kemp said the results of the survey of other states shows the situation "just continues to produce more questions than answers."

Stimson, the spokeswoman for the national organization, agreed.

The Department of Homeland Security has said they're investigating, she said, but "we don't have a full accounting at this point of what was behind this situation."

©2016 The Atlanta Journal-Constitution (Atlanta, Ga.) Distributed by Tribune Content Agency, LLC.