Should Election Systems be a Top Priority in U.S. Cybersecurity Right Now?

Several legislators have voiced concerns on the recent designation of voting machines as an urgent matter.

by Kat Tenbarge, The Columbus Dispatch, Ohio / January 12, 2017
Photo Courtesy of Shutterstock

(TNS) -- Ohio Secretary of State Jon Husted disapproves of the U.S. Department of Homeland Security’s decision to designate voting machines and other aspects of the election process as in need of urgent cybersecurity assistance.

“This was an altogether unnecessary move,” Husted said in an emailed statement.

The Republican said the move constitutes “an unprecedented federal overstep” in the state’s right to administer elections.

Homeland Security Secretary Jeh Johnson announced Friday that election software and hardware would be designated as “critical infrastructure,” which gives state elections officials the opportunity to request cybersecurity services including assistance in response to cyberattacks. Designated election infrastructure includes storage facilities, polling places, voter registration databases, voting machines, and any systems used to manage, report and display election processes and results.

Husted, who publicly opposed the move when it was broached in September, said, “I will continue to work with the new administration and leaders in Congress to ensure this does not represent an intrusion by the federal government into state election systems — systems that have served us well for over 200 years.”

Christy McCormick, a member of the federal Election Assistance Commission, questioned in a statement sent Saturday the endgame of the new designation, especially when the benefits of the designation have already been provided to elections officials for the past four months.

“Will DHS or other federal agencies require states to conform to a new security standard?” McCormick wrote. “If DHS were truly only concerned with the security of these elections, they would simply provide these resources without the declaration or requiring states to ‘volunteer’ before any information or resources will be shared.”

Johnson recognized in his statement that many local and state elections officials oppose the designation. He said it will not impede the state’s role in administering elections. Rather, Johnson said, the move means election infrastructure becomes a priority within the National Infrastructure Protection Plan.

But Husted said, “This designation is not something the department needed to rush through in the final days of the current administration, especially seeing the next federal election is nearly two years away.”

The National Association of Secretaries of State released a statement Monday saying the announcement raised many questions and concerns for states and other entities, including why the “ critical infrastructure” classification is needed to combat threats.

“Americans need to know that the November 2016 election — the voting process itself — was not hacked or subject to manipulation in any way,” the statement reads. “No credible evidence of hacking, including attempted hacking of voting machines or vote counting, was ever presented or discovered in any state.”

Johnson’s explanation focused on how voting systems now are eligible for streamlined cybersecurity services granted only to critical infrastructure categories, such as dams, health care and public health, and water and waste-water systems.

“During a recent conference call with the secretary of Homeland Security, it was made clear that this designation either gives some new power to the federal government that they don’t want to discuss, or it is nothing more than a symbolic act,” Husted said. “Unfortunately, we cannot know since the department seemed unwilling to put anything in writing about the change.”

©2017 The Columbus Dispatch (Columbus, Ohio) Distributed by Tribune Content Agency, LLC.

Platforms & Programs