A Homeland Security official gave some more insight into their efforts on designating election systems as critical infrastructure shortly after the 2016 presidential election, saying it helped the department streamline communication in the event of a incident. Neil Jenkins, from DHS’s Office of Cybersecurity and Communications, gave the first detailed account Wednesday of the process leading up to the controversial decision, which was made by departing officials in the final days of the Obama administration and widely panned by state and local authorities. DHS designated election systems in 30,000 jurisdictions as critical infrastructure to ensure there would be someone in regular communication with state and local election officials about cyber threats to national polls. Jenkins told NIST’s Information Security and Privacy Advisory Board that in August and September, when officials first became aware of Russian efforts to interfere with the election, the “started trying to catalogue the services we could offer to state authorities,” to help them shore up network security and protect the systems that tabulated and reported results.
Prior to the November polling day, “We realized two things very quickly: Election officials were not interested in being designated at that time because they saw it being very disruptive … and … the capabilities we needed to provide them was not reliant on a critical infrastructure designation.”
But following the election, the urgency was taken out of the equation, and officials looked at the designation issue afresh, Jenkins told CyberScoop after his presentation.
Officials were concerned to institutionalize their relationship with those running elections at the state and local levels, because the constant barrage of cyberattacks on critical infrastructure meant it was hard for DHS to focus on any given target. Because elections officials themselves also have multiple responsibilities, they might not be focused on cybersecurity absent regular communication from DHS.