The U.S. Department of Homeland Security on Tuesday unveiled a new national strategy for addressing the growing number of cyber security risks as it works to assess them and reduce vulnerabilities. “The cyber threat landscape is shifting in real-time, and we have reached a historic turning point,” DHS chief Kirstjen Nielsen said in a statement. “It is clear that our cyber adversaries can now threaten the very fabric of our republic itself.” The announcement comes amid concerns about the security of the 2018 U.S. midterm congressional elections and numerous high-profile hacking of U.S. companies.
As midterm votes are being cast in Pennsylvania and across the country, the U.S. Department of Homeland Security is playing catch-up. Pennsylvania is one of at least 17 states where election officials have requested on-site risk assessments of their election systems. Nearly half those reviews had not been completed by mid-May, including the one for Pennsylvania, which holds its primary election on Tuesday, May 15. A spokesperson for the Pennsylvania Department of State told KDKA-TV the security review will not be completed until June at the earliest. A security review by DHS typically takes two weeks to complete.
With the midterm congressional primaries about to go into full swing, the Department of Homeland Security has completed security reviews of election systems in only about half the states that have requested them so far. The government’s slow pace in conducting the reviews has raised concerns that the nation’s voting systems could be vulnerable to hacking, especially after U.S. intelligence agencies warned that Russia plans to continue meddling in the country’s elections. Among those still waiting for Homeland Security to conduct a risk assessment is Indiana, one of four states with primaries on Tuesday. Its ballot includes several hotly contested races, including a Republican primary for U.S. Senate. Indiana Secretary of State Connie Lawson said she is confident state officials have done what they can to safeguard Tuesday’s voting, but acknowledged: “I’ll probably be chewing my fingernails during the entire day on Election Day.”
A Department of Homeland Security official acknowledged that more than 21 states could have been targeted by Russian hackers prior to the 2016 election and told lawmakers the department hasn’t seen any similar activity in the lead-up to the 2018 mid-terms. In an April 24 Senate Homeland Security and Governmental Affairs Committee hearing, Jeanette Manfra, assistant secretary for the office of cybersecurity and communications, fended off questions about whether the department had “misled” Congress and the American public about how many states had been targeted by Russian hackers in the lead-up to the 2016 presidential elections. The department has consistently pegged the number of states affected at 21, but Sen. Claire McCaskill (D-Mo.) pointed out that number reflects only the number of states that had sensors or tools in place to capture the scanning activity. Manfra largely agreed with that interpretation.
National: DHS chief issues stern warning to Russia, others on election meddling, cyberattacks | The Hill
Homeland Security Secretary Kirstjen Nielsen issued a stern warning to Russia and other countries looking to meddle in future U.S. elections, saying that the U.S. government will consider all options “seen and unseen” for responding to malicious attacks in cyberspace. “The United States, as you know, possesses a spectrum of response options both seen and unseen, and we will use them to call out malign behavior, punish it and deter future cyber hostility,” Nielsen said in keynote remarks at the RSA cybersecurity conference in San Francisco on Tuesday. “Our cyber defenses help guard our very democracy and all we hold dear. To those who would try to attack our democracy to affect our elections, to affect the elections of our allies, to undermine our national sovereignty, I have a simple word of warning: Don’t,” Nielsen said.
Homeland Security Secretary Kirstjen Nielsen promised that the federal government would do all it could to prevent Russians from hacking future elections, but stopped short of guaranteeing that those measures would be effective. “I feel secure that we are and will continue to do everything we can to help state and locals secure their election infrastructure,” Nielsen said on Tuesday, avoiding answering a question about whether the U.S. voting system is hacker proof. The DHS secretary’s comments at the annual RSA cybersecurity conference in San Francisco come after members of the U.S. Senate Intelligence Committee urged Nielsen and the DHS to speed up efforts to secure the nation’s elections, according to the New York Times. In September, the DHS notified 21 U.S. states that Russia had attempted to hack their voting systems prior to the last presidential election.
Colorado: Department of Homeland Security Testing Colorado’s Election Systems With Operation Cyber Storm | Westword
Colorado’s election systems have been under attack by cyber intruders. Networks are being poked and prodded in an attempt to bypass security measures, access control systems and manipulate or extract data. Don’t worry, though: The attacks are not real. Rather, they are simulations part of “Cyber Storm,” the nation’s largest cybersecurity exercise, overseen by the Department of Homeland Security. Colorado is one of seven states participating in the exercise, along with nearly 1,000 other “players” across the nation that range from law enforcement agencies to transportation and manufacturing networks. According to DHS, the exercises are the sixth iteration of Operation Cyber Storm, and the simulated cyber attacks are meant to expose cyber vulnerabilities and test network administrators’ preparedness, security measures and responses.
The Department of Homeland Security is giving states, including Colorado and Texas, a chance to game out how they might respond to a cyberattack on election systems ahead of this year’s midterm vote. The department began its biennial “Cyber Storm” exercises on Tuesday, working with more than 1,000 “players” across the country, including state governments and manufacturers, to test how they would withstand a large-scale, coordinated cyberattack aimed at the U.S.’s critical infrastructure such as transportation systems and communications.
National: After GOP is criticized over election security, key official goes to Homeland Security | The Hill
The official recently replaced atop the U.S. Election Assistance Commission (EAC) is joining the Department of Homeland Security to protect elections from cyber threats, The Hill has learned. Matthew Masterson was replaced as chairman of the EAC in February as a result of a decision made by Republican leadership. The move opened up House Speaker Paul Ryan (R-Wis.) to criticism. Masterson has now signed on to work as a senior cybersecurity adviser at Homeland Security’s main cyber wing and to assist the department’s election security mission. A Homeland Security official confirmed that Masterson will work at the National Protection and Programs Directorate, which spearheads efforts to protect critical infrastructure from cyber and physical threats.
National: Trump wants new authority over polling places. Top election officials say no | The Boston Globe
President Trump would be able to dispatch Secret Service agents to polling places nationwide during a federal election, a vast expansion of executive authority, if a provision in a Homeland Security reauthorization bill remains intact. The rider has prompted outrage from more than a dozen top elections officials around the country, including Secretary of State William F. Galvin of Massachusetts, a Democrat, who says he is worried that it could be used to intimidate voters and said there is “no basis” for providing Trump with this new authority. “This is worthy of a Third World country,” said Galvin in an interview. “I’m not going to tolerate people showing up to our polling places. I would not want to have federal agents showing up in largely Hispanic areas.” “The potential for mischief here is enormous,” Galvin added. The provision alarming him and others is a rider attached to legislation that would re-authorize the Department of Homeland Security. The legislation already cleared the House of Representatives with bipartisan support.