Despite new evidence from a leaked NSA report that Russian hackers sought to compromise state and local election technology, the officials in charge are still vigorously opposing the federal designation of their polling systems as critical infrastructure. “It’s unclear how this situation would change anyone’s opinions about the [critical infrastructure] designation,” Kay Stimson of the National Association of Secretaries of State told CyberScoop. NASS represents the state-level officials responsible for certifying statewide election results. Stimson added that officials didn’t get any additional resources to defend their networks as a result of the January 2017 announcement by the Department of Homeland Security, which many saw as a federal power grab. Federal officials have stressed that state or local participation in any DHS programs is voluntary, and suggested that DHS expertise might be able to help election officials secure themselves against online attacks.
Stimson said officials had asked DHS for a briefing about the leaked information. The document, leaked to The Intercept, is an NSA intelligence report dated May 5. It outlines efforts by hackers described as “actors” of the Russian GRU intelligence agency to compromise the online accounts and computers of companies providing state and local governments with voter registration technology. The hackers also then targeted local government election officials themselves just days before the election.
In a statement, NASS urged federal agencies to notify local election officials about the hacking attempts, which the newly leaked documents show the NSA knew about by April of this year. Stimson said she didn’t understand why local officials hadn’t been warned already, especially as the ability to share exactly that kind of intelligence warning had been touted as one of the main advantages of the critical infrastructure designation.
Election Assistance Commission Chairman Matthew V. Masterson issued a warning to state and local election administrators. “While phishing attacks are common across all sectors of our society and there is no evidence that this attack targeted voting machines involved in vote tallying of the 2016 Federal Election, this report provides a timely reminder that officials must remain vigilant about election system security,” the warning reads. FBI and DHS are “currently notifying the officials who were targeted by the attack and are coordinating the incident response.”