The Department of Homeland Security’s chief cybersecurity official Jeanette Manfra testified in a Congressional committee hearing yesterday that her agency is “doing everything that we can” to protect the nation’s electoral infrastructure, including prioritizing any state’s request for a voting system risk assessment. But while DHS has made important strides in developing programs and measures for mitigating cybersecurity risks that threaten federal operations and critical infrastructure, the agency is still falling short of recommendations issued two years ago by the U.S. Government Accountability Office, according to a new report issued as written testimony from Gregory Wilshusen, GAO’s director of information security issues.
The hearing, held by the U.S. Senate Committee on Homeland Security and Government Affairs, sought to determine the efficacy of DHS’ recent efforts to provide federal government programs and voluntary services that mitigate cyber risk. Not surprisingly, a chief area of concern was the threat to national elections, especially after DHS disclosed that Russian hackers targeted at least 21 states’ election networks and websites and successfully penetrated a small subset of them.
When asked point-blank by Sen. Maggie Hassan (D-N.H.) if DHS has detected any malicious cyberactivity targeting voting infrastructure in the lead-up to the 2018 midterm elections, Manfra, the Assistant Secretary with the Office of Cybersecurity and Communications at DHS’ National Protection and Programs Directorate (NPPD), replied, “We have not at this time, Ma’am.”
To counter such threats, the DHS currently operates an elections task force comprised of roughly 10 to 15 people, most of whom focus exclusively on voting security and infrastructure, according to Manfra’s oral testimony.