The Department of Homeland Security’s Christopher Krebs told House lawmakers that a “trust” relationship with state officials has prevented the department from sharing specific details about cyber threats to the 2016 presidential election with Congress. Krebs said “we don’t have statutory authority to compel” states to report cyber incidents to the federal government, while expressing concern that the level of trust needed to get states to share with DHS could be undermined by passing along that information to lawmakers. Krebs, who is the senior official performing the duties of the DHS under secretary for the National Protection and Programs Directorate, testified Wednesday at a joint hearing by the House Oversight and Government Reform information technology and intergovernmental affairs subcommittees on the “cybersecurity of voting machines.”
His comments about sharing with Congress came in response to questioning by IT subcommittee ranking member Robin Kelly (D-IL), who noted that Democrats sent a letter last month requesting information about what DHS had learned from state officials about hacking in the 2016 election, which has been attributed to the Russian government.
Kelly said the letter was sent on Oct. 20 but “more than a month later” detailed information about those cyber threats had not yet been shared with the committee. The letter was signed by committee ranking member Elijah Cummings (D-MD) and Kelly.
She said the absence of that information could prevent lawmakers “to understand exactly how our state election systems were attacked by a foreign adversary.”