State election officials resisted federal cybersecurity assistance during 2016 election
State and local election authorities resisted federal cybersecurity assistance during 2016, President Obama’s Homeland Security secretary told lawmakers Wednesday.
As attacks against election targets became increasingly visible in 2016, Jeh Johnson, who was secretary into early 2017, floated the idea of designating election infrastructure as critical infrastructure, making it a top security priority for DHS and give it the benefit of domestic and international cybersecurity protections.
“To my disappointment, the reaction to a critical infrastructure designation, at least from those who spoke up, ranged from neutral to negative,” Johnson said. ” Those who expressed negative views stated that running elections in this country was the sovereign and exclusive responsibility of the states, and they did not want federal intrusion, a federal takeover, or federal regulation of that process. This was a profound misunderstanding of what a critical infrastructure designation would mean, which I tried to clarify for them.”
A a critical infrastructure designation during the 2016 election season would be “counterproductive,” DHS’s chief decided, and “we put the idea on the back burner.”
It eventually came off the back burner: The “critical” designation was eventually made in January 2017, a move prompting criticism and calls for repeal from state-level officials. Trump’s Homeland Security secretary, John Kelly, announced shortly thereafter that his department would keep the “critical” label.
In the end, “33 states and 36 cities and counties” ended up using DHS tools to scan for vulnerabilities or ask for advice by Election Day 2016, Johnson said.
Meanwhile, government officials from DHS and FBI said on Wednesday during a hearing held by the Senate Intelligence Committee for the first time that “election-related systems in 21 states that were targeted” by Russian hackers during the 2016 presidential election.
A Bloomberg report from last week said Russian hackers hit systems in 39 total states citing three unnamed people with direct knowledge of the U.S. investigation into election hacking.
Cyberattacks are “are going to get worse before they get better,” Johnson said, suggesting that more money, education and federal strategy would do well to protect election infrastructure during the 2018 and 2020 cycles.
Although he clearly blamed Russia for hacks and influence operations against American election targets, Johnson said that “the Russian government did not through any cyber-intrusion alter ballots, ballot counts or reporting of election results.”
“I am not in a position to know whether the successful Russian government-directed hacks of the DNC and elsewhere did in fact alter public opinion and thereby alter the outcome of the presidential election,” he explained.
President Donald Trump’s own unwillingness to say that Russia interfered in the U.S. election, an assertion made by the American intelligence community, prompted Johnson to add that if Trump and his Cabinet do not depend on the intelligence community, “you’re flying blind.”
