DHS inspector general probing Georgia website scans

The probe follows calls for an investigation from congressional critics of DHS' election cybersecurity efforts.
Georgia state flag (Getty Images)

Following congressional requests for action, the inspector general at the Department of Homeland Security has opened an investigation into a series of incidents last year in which, Georgia state officials allege, their computer network was scanned by DHS officials.

The independent watchdog “is investigating a series of ten alleged scanning events of the Georgia Secretary of State’s network that may have originated from DHS-affiliated IP addresses,” Inspector General John Roth says in a letter to Secretary of State Brian Kemp, dated Jan 17.

The letter asks for web-traffic and network logs for an hour either side of the time of the 10 alleged scans — which date back to February and ended shortly after the election last year — and for copies of any intrusion alerts that resulted.

The letter was first reported this week by the Associated Press and then posted online by the Daily Caller. An official in the inspector general’s office confirmed the investigation and the letter to CyberScoop, but declined to provide any further details, noting it was an ongoing investigation.


The investigation follows a call from House Oversight and Government Reform Committee Chairman Jason Chaffetz, R-Utah.

On Jan 11, in letters to Roth and then-Homeland Security Secretary Jeh Johnson, Chaffetz described the incidents as “unsuccessful attempts to penetrate the Georgia Secretary of State’s firewall.”

The incidents came to national attention after they were caught up in a row over DHS’s election cybersecurity efforts.

In the run-up to the presidential poll last November, Kemp became one of the loudest voices opposing DHS plans for federal assistance to state authorities to help cyber-secure their election systems, calling it “overreach,” and a “power grab.”

“At no time has my office agreed to or permitted DHS to conduct penetration testing or security scans of our network,” Kemp wrote to DHS in December. “Moreover, your department has not contacted my office since this unsuccessful incident to alert us of any security event that would require testing or scanning of our network. This is especially odd and concerning since I serve on the Election Cyber Security Working Group that your office created.”


Johnson responded that the event appeared to be “normal … interaction” with the secretary of state’s website by a DHS staffer trying to verify a professional license — not any kind of security test or scan.

Then, just days before leaving office, Johnson signed an order designating the U.S. election system as “critical infrastructure.” At the stroke of a pen, the designation adds the physical and digital property of countless state and county government offices to a special list of 16 categories of vital national industry — ranging from banking and telephones to water and sewage systems — that DHS has special authority to protect.

Defenders of the decision say it doesn’t give federal authorities any power over elections, and will put vital election machinery under the protective umbrella of the international norms the U.S. is promoting for cyberspace — which prohibit cyberattacks on critical infrastructure in peacetime.

Critics — numbering many of the state officials, including Democrats, who actually run elections — say they were already getting assistance from DHS and question why so many offline elements of election infrastructure were included in the designation.
