CISA chief rips IG report, touts election security efforts

CISA and state election organizations questioned the timing of the report, along with the impression it left on readers.
Chris Krebs speaks April 4, 2019, at the Cybersecurity Leadership Forum presented by Forcepoint and produced by CyberScoop and FedScoop. (CyberScoop)

The head of the U.S. Cybersecurity and Infrastructure Security Agency has slammed a new inspector general report criticizing some of the agency’s election security work, calling the investigation “poorly timed” and its conclusions misleading.

The Department of Homeland Security’s inspector general credited CISA for making progress in helping election officials mitigate cyberthreats, but also concluded the agency hadn’t invested enough resources in countering physical threats to election infrastructure. CISA officials say they’ve accounted for those threats in their preparation. Multiple federal agencies, including the FBI, also are working with state officials to guard against cyber and physical threats to the election.

“While the OIG [office of the inspector general] recognizes our extensive coordination effort, releasing this report before Election Day fails to account for CISA’s actions throughout the entirety of the actual 2020 election cycle,” CISA Director Chris Krebs said in a statement.

“While we can certainly update plans, use more resources, and coordinate better with partners, I am confident that the work we have done to protect the 2020 election means your vote is secure and you should vote with confidence,” Krebs added.


Election officials from both parties have credited CISA and the FBI for working much more closely with local jurisdictions following the 2016 election. There is now a threat-sharing hub where federal officials can trade data with their state and local counterparts, and CISA provides scanning and vulnerability management services to various jurisdictions. Federal agencies have put some of those practices to work this election cycle.

Last week, CISA and the FBI said that Iran and Russia had obtained access to some voter registration information but had not breached any election systems. Krebs pointed to security briefings CISA helped deliver to more than 1,000 election officials on those threats.

The IG report suggested CISA improve the data sharing it does with DHS’s Office of Intelligence and Analysis, pointing out that CISA does not have authority to declassify threat data. Krebs said that his agency has been working more closely with DHS’s intelligence office in the last year.

Krebs said responding to the IG report pulled his staff away from some election security tasks: “We think, and as the report reflects, our partners agree our time was better spent working with them.”

An OIG spokesperson did not immediately respond to a request for comment on CISA and others’ criticism of the report.


State election organizations also critical of report

Amy Cohen, executive director of the National Association of State Election Directors (NASED), was also critical of the OIG report.

The report “does not fully demonstrate how far the relationship between the election community and CISA has come,” Cohen said. “NASED members across the country work closely with regional and national staff at CISA, and are grateful for the support and partnership.”

Maria Benson, director of communications at the National Association of Secretaries of State, credited CISA officials for working closely with her organization in recent years, and for helping develop guidance for physical security at polling places.

Krebs and others have pledged this election will be the most secure on record, pointing to a marked increase in ballots cast with an auditable paper record: over 92% in 2020 compared to 82% in 2016.


Politico was first to report on the IG report on Tuesday.

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.
