DHS

Tag Archive

National: Former Homeland Security secretaries call for action to address cybersecurity threats | Maggie Miller/TheHill

Three former secretaries of the Department of Homeland Security (DHS) on Monday testified that cybersecurity threats to elections and other critical infrastructure are major issues that could impact the security of the nation. Former DHS Secretaries Michael Chertoff, Janet Napolitano and Jeh Johnson all discussed the severity of cyber threats to the U.S. while testifying in New York City during a field hearing at the National September 11 Memorial Museum held by the Senate Homeland Security and Governmental Affairs Committee. Napolitano, who served as secretary under former President Obama from 2009 through 2013, listed cybersecurity as one of the top three threats DHS “can and must confront,” pointing to vulnerabilities in election infrastructure, utility grids and other critical infrastructure as putting the country at risk.  “Our adversaries and international criminal organizations have become more determined and more brazen in their efforts to attack us and to steal from us,” Napolitano said. “We need a whole of government and a whole of public and private sector response to this threat, and it needs to happen immediately.

Full Article: Former Homeland Security secretaries call for action to address cybersecurity threats | TheHill.

New Jersey: New Jersey and Homeland Security are teaming up to spot potential election security risks | Dustin Racioppi/NorthJersey.com

State and federal officials plan a daylong series of exercises Tuesday to assess New Jersey’s election security and spot potential weaknesses ahead of voting in November. New Jersey’s Division of Elections is partnering with the U.S. Office of Homeland Security to conduct what is known as the Election Security Tabletop Exercise. The two offices routinely work together on election security, but the event planned for Tuesday is the first of its kind in New Jersey, officials said, bringing together representatives from all of the state’s 21 counties as well as those from 13 other states. In addition, former Homeland Security Secretary Jeh Johnson and current U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency Director Christopher Krebs will address the hundreds of people expected to attend, according to an advisory detailing the event.

Full Article: NJ election officials to be trained to spot election security risks.

National: Distrust, Staffing and Funding Shortages Imperil Election Security | Courtney Bublé/Government Executive

pecial Counsel Robert Mueller was emphatic when he testified before the House Intelligence Committee on July 24 about Russian interference in the 2016 election: “It wasn’t a single attempt. They’re doing it as we sit here, and they expect to do it during the next campaign.” In an earlier, less partisan era, Mueller’s warning likely would have galvanized lawmakers and propelled them to action to ensure the security and integrity of American elections. While federal agencies have taken critical steps to improve security around U.S. elections since 2016, those efforts have been hampered by inadequate funding; staffing problems; mixed messages from Congress and the administration; and, not insignificantly, by Constitutional questions—states and localities hold primary authority for administering elections, and some Republicans worry about the federal government usurping state powers in the name of security. But the special counsel’s warning had no such galvanizing effect. Hours after Mueller testified in the House, Sen. Cindy Hyde-Smith, R-Miss., blocked, without giving a reason, election security bills in the Senate, one of which would have required campaigns to alert the FBI and the Federal Election Commission about election assistance offers from foreign countries. The next day, Senate Majority Leader Mitch McConnell, R-Ky., denied the Democrats’ request for a vote on the House-passed Securing America’s Federal Elections Act, which would have authorized $775 million to bolster state election systems and required paper ballots as a guard against vote tampering. McConnell said the legislation, which passed the House with just a single Republican vote, would nationalize election authorities that “properly belong to the states.”  While few things are more fundamental to democracy than the integrity of the election system, finding a bipartisan consensus for ensuring that integrity has been elusive, and as a result, agencies’s efforts are far less effective than they could be otherwise.

Full Article: Distrust, Staffing and Funding Shortages Imperil Election Security - Government Executive.

National: DHS cyber agency to prioritize election security, Chinese threats | Maggie Miller/The Hill

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) plans to prioritize election security, cybersecurity at federal agencies, and the “persistent threat” posed by China, among its many goals. The agency laid out its key priorities in a new “strategic intent” document released on Thursday, which CISA Director Christopher Krebs described in the introduction as the “keystone” for the agency. Among Krebs’s operational priorities is addressing Chinese threats to U.S. supply chains and to the rollout of 5G networks, bolstering election security efforts at the state and local level, and protecting the cybersecurity of industrial control systems. Other priorities are protecting federal networks against cyber attacks, such as ransomware incidents that have increasingly spread across the country, and defending “soft targets” and crowded venues from physical threats. CISA is the primary agency responsible for assisting state and local governments with securing elections, replacing the former National Protection and Programs Directorate in a law that took effect last year.

Full Article: DHS cyber agency to prioritize election security, Chinese threats | TheHill.

National: Top DHS cyber official calls paper ballot backups necessary for 2020 election | Kevin Collier and Caroline Kelly/CNN

The top cybersecurity official at the Department of Homeland Security said Friday that backup paper ballots would be a necessary part of 2020 election security. “Ultimately when I look at 2020, the top priority for me is engaging as far and wide as possible, touching as many stakeholders as possible, and making sure we have auditability in the system,” Chris Krebs, DHS’ top cyber official, said at a DEFCON cyber conference Friday when discussing election security. “IT, key tenant, can’t audit the system, can’t look at the logs, you don’t know what happened,” he added. “Gotta get auditability, I’ll say it, gotta have a paper ballot backup.” Krebs said that he doesn’t “have all the answers” on election security, adding that “a lot of these policy suggestions are not my job to answer — Congress has a role here.” The cyber head also called for state legislatures to pick up the slack along with federal lawmakers in addressing a lack of much needed funds to update different states’ election systems. “I don’t know where, for instance, the state of New Jersey is going to get their money to update their systems,” Krebs said. “I don’t know where some of these other states that have (paperless machines) without a paper trail associated with it — I don’t know where they’re going to get the money, but they need it.”

Full Article: Top DHS cyber official calls paper ballot backups necessary for 2020 election - CNNPolitics.

Georgia: Unclassified DHS memo outlined threats to Georgia elections | Mark Niesse/Atlanta Journal Constitution

The potential for tampering in Georgia’s elections last fall prompted the U.S. Department of Homeland Security to warn election officials to be on guard against foreign interference. A recently released DHS memo, titled “A Georgia Perspective on Threats to the 2018 U.S. Elections,” listed concerns about hacking, misinformation spread through social media and disruptions to election infrastructure.The federal advice came as attorneys for state election officials argued in court documents that fears of hacking and vote miscounting were little more than “a theoretical possibility.”Secretary of State Brad Raffensperger’s office said Monday that cybersecurity has been an ongoing priority since well before the 2018 elections.“This memo is standard information sharing and shows what all levels of government are doing to protect our elections,” said spokeswoman Tess Hammock. “DHS prepared a similar memo for every state. There is no evidence of any successful attempts to interfere in Georgia’s elections.”The unclassified DHS document became public Wednesday when it was included as an exhibit in an ongoing lawsuit seeking to prevent the continued use of electronic voting machines. “Foreign governments may engage in cyber operations targeting the election infrastructure and political organization in Georgia and engage in influence operations that aim to interfere with the 2018 U.S. elections,” according to the Oct. 2, 2018, document prepared by the DHS Office of Intelligence & Analysis Field Operations Division for the Southeast Region. The two-page memo didn’t specify who might have attempted to tamper with Georgia’s elections, but it said their goals could have been “to disrupt political processes, sway public opinion, or to undermine certain political organizations.”

Full Article: Unclassified DHS memo outlined threats to Georgia elections.

Florida: Lawmakers push DHS to notify voters, other officials of election system breaches | Olivia Beavers/The Hill

A pair of House lawmakers from Florida have introduced new legislation that would require the Department of Homeland Security (DHS) to notify voters and other parties of potential breaches to election systems. Reps. Stephanie Murphy (D) and Mike Waltz (R) introduced their measure following revelations earlier this year that Russia infiltrated computer networks in two counties in the Sunshine State ahead of the 2016 presidential election. Members of the Florida congressional delegation blasted federal agencies in May for their lack of transparency about the cyberattacks, saying they only received an FBI briefing on the matter when former special counsel Robert Mueller revealed in his report that the bureau was investigating a Moscow-led hack into “at least one” Florida county. The FBI, which informed the Florida delegation that Russia had infiltrated a second county, has not permitted the members of Congress to reveal the names of which counties were targeted.

Full Article: Florida lawmakers push DHS to notify voters, other officials of election system breaches | TheHill.

North Carolina: Software vendor may have opened a gap for hackers in 2016 swing state | Kim Zetter/Politico

A Florida election software company targeted by Russians in 2016 inadvertently opened a potential pathway for hackers to tamper with voter records in North Carolina on the eve of the presidential election, according to a document reviewed by POLITICO and a person with knowledge of the episode. VR Systems, based in Tallahassee but with customers in eight states, used what’s known as remote-access software to connect for several hours to a central computer in Durham County, N.C., to troubleshoot problems with the company’s voter list management tool, the person said. The software distributes voter lists to so-called electronic poll books, which poll workers use to check in voters and verify their eligibility to cast a ballot. The company did not respond to POLITICO’s requests for comment about its practices. But election security experts widely condemn remote connections to election-related computer systems — not only because they can open a door for intruders but because they can also give attackers access to an entire network, depending on how they’re configured.

Full Article: Software vendor may have opened a gap for hackers in 2016 swing state - POLITICO.

Georgia: Potential vulnerabilities of new Georgia voting machines evaluated | Atlanta Journal Constitution

The U.S. Department of Homeland Security is gauging potential vulnerabilities of the type of voting machines that will soon be used in Georgia. The federal government will work with election officials to better understand the security and auditability of voting systems, said Scott McConnell, a spokesman for the Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security.“This includes helping to identify potential risks and vulnerabilities for deployed systems as well as informing the development of future systems,” McConnell said. Georgia is preparing to buy a $150 million statewide election system with voting machines called ballot-marking devices. Like the state’s current electronic voting machines, voters using the new ballot-marking devices will choose their candidates on touchscreens. Then printers will create paper ballots for voters to review and insert into scanning computers for tabulation.Federal scrutiny of voting technology comes after a study published last week pointed out weaknesses in ballot-marking devices.If ballot-marking devices are hacked or tampered with, they could print out falsified ballots, according to the study by three cybersecurity experts.

Full Article: Potential vulnerabilities of new Georgia voting machines evaluated.

National: ‘We can’t confirm him,’ Pat Roberts warns of potential Kobach nomination for DHS | The Kansas City Star

One of the GOP senators from Kris Kobach’s home state said Tuesday that the Senate would not be able to confirm the Kansas Republican if President Donald Trump taps him for a cabinet post. Kobach, the former Kansas secretary of state, has been mentioned as a potential candidate for an array of immigration-related positions since President Donald Trump pulled his nominee for the director of Immigration Customs Enforcement and announced the departure of Secretary of Homeland Security Kirstjen Nielsen. But Sen. Pat Roberts, R-Kansas, said he doesn’t believe the Republican-controlled Senate could confirm his fellow Kansan, who has gained national notoriety for championing stronger restrictions on immigration. “Don’t go there. We can’t confirm him,” Roberts whispered to The Kansas City Star when asked about Kobach Tuesday on his way into a Senate vote. “I never said that to you,” Roberts added, despite the fact that another reporter was present and The Star had not agreed to an off record conversation.

Full Article: Pat Roberts: Senate can’t confirm Kris Kobach for DHS | The Kansas City Star.

National: Election security in 2020 means a focus on county officials, DHS says | CNET

As special counsel Robert Mueller’s investigation on Russian hacking and collusion with the Trump campaign ends, the Department of Homeland Security is gearing up to prevent a repeat for the 2020 US presidential election. The federal agency, which formed the Cybersecurity and Infrastructure Security Agency last November, said that it’s “doubling down” on its efforts, calling election security for 2020 a top priority. It hopes to do that by focusing on local election officials, Matt Masterson, a DHS senior adviser on election security, said in an interview with CNET. The emphasis on local represents a new tact as the DHS tries to shut down foreign interference in the US elections. While the agency worked with all 50 states during the 2018 midterm elections, security experts said the outreach needs to zoom in on a county level. There are about 8,800 county election officials across the US, and they are the people responsible for your voting machines, your polling place’s security and handling vote auditing.

Full Article: Election security in 2020 means a focus on county officials, DHS says - CNET.

National: ‘We’re doubling down.’ DHS insists it’s not reducing election security efforts | The Washington Post

The Homeland Security Department is actually surging its efforts to protect elections against foreign hackers during the two years leading up to the 2020 elections — not winding them down, the agency’s top cybersecurity official insists. Chris Krebs, who leads DHS’s Cybersecurity and Infrastructure Security Agency, was punching back Thursday against a Daily Beast report citing anonymous staffers who said the department was reducing its election security efforts following the midterms to invest more in border security and other Trump administration priorities. “The department’s election security and countering foreign influence security-related efforts are not going anywhere,” Krebs said. “In fact, we’re doubling down.” The article made waves in the security community because even a perception that the government isn’t serious about securing elections against Russian hackers could damage trust in the result in the 2020 election.  Federal officials — including Krebs himself — have warned Russia may have viewed the midterms as merely a “warm-up” for 2020 when more Americans will be looking for signs of foreign influence. That stakes for officials such as Krebs are especially high because President Trump has wavered on whether he believes Russia was responsible for its hacking and disinformation campaign to influence the 2016 presidential contest.

Full Article: The Cybersecurity 202: 'We're doubling down.' DHS insists it's not reducing election security efforts - The Washington Post.

National: CISA says it’s ramping up election security efforts for 2020 | FCW

The head of the Department of Homeland Security’s cybersecurity wing is pushing back on a media report that the agency has scaled back personnel and resources from its combatting foreign election interference. Cybersecurity and Infrastructure Security Agency Director Chris Krebs hosted a conference call with reporters less than 24 hours after The Daily Beast published a story that quoted multiple anonymous DHS officials who said two CISA task forces focused on coordinating the department’s response to foreign influence in U.S. elections were significantly downsized shortly after the mid-terms. Krebs didn’t deny that personnel levels for the task forces were reduced. He characterized the task forces as temporary vehicles to address an emerging threat while CISA worked to hire staff and build more permanent institutional capacity to tackle the issue.

Full Article: CISA says it's ramping up election security efforts for 2020 -- FCW.

National: DHS Guts Task Forces Protecting Elections From Foreign Meddling | The Daily Beast

Two teams of federal officials assembled to fight foreign election interference are being dramatically downsized, according to three current and former Department of Homeland Security officials. And now, those sources say they fear the department won’t prepare adequately for election threats in 2020. “The clear assessment from the intelligence community is that 2020 is going to be the perfect storm,” said a DHS official familiar with the teams. “We know Russia is going to be engaged. Other state actors have seen the success of Russia and realize the value of disinformation operations. So it’s very curious why the task forces were demoted in the bureaucracy and the leadership has not committed resources to prepare for the 2020 election.”

Full Article: Trump’s DHS Guts Task Forces Protecting Elections From Foreign Meddling.

National: Lawmakers quiz officials on 2020 election security measures | The Hill

Lawmakers questioned federal officials Wednesday about the importance of passing election security measures ahead of the 2020 contests, pressing witnesses on the threat posed by foreign actors to influence U.S. elections. Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security (DHS), testified during the House Homeland Security Committee hearing Wednesday that the federal government is “lightyears ahead” of where it was in 2016 when it came to communicating with state and local officials. But he said improving outreach and communication with those officials is a top priority for his department ahead of 2020. Krebs also said that being able to audit elections is a pressing issue for his agency, and that records of votes, like paper trails, will help officials confirm election results. The DHS official added that basic cybersecurity remains a crucial issue, saying he fears any gaps could expose vulnerabilities in systems that could be abused by hackers.

Full Article: Lawmakers quiz officials on 2020 election security measures | TheHill.

National: DHS prioritizes restart of election security programs post-shutdown | CNN

Since the shutdown ended, the Department of Homeland Security has prioritized the resumption of its election security programs, some of which were forced to go on hiatus during the lapse in government funding, according to Cybersecurity and Infrastructure Security Agency Director Chris Krebs. “Coming out of the shutdown, anything that had paused on election security-related activities was put on the top of the priority list for restart,” he said. Krebs told CNN that if there was an active threat during the shutdown, the department was able to respond by conducting assessments and hunting down the threat. “What paused was the more routine vulnerability assessments,” he said. Those included a “couple of the election security-related” assessments run by the department, specifically focused on state networks.

Full Article: DHS prioritizes restart of election security programs post-shutdown - CNNPolitics.

National: DHS Wants to Expand the Reach of Its Critical Infrastructure Cyber Training | Nextgov

The Homeland Security Department wants to surge its ability to train critical infrastructure owners and operators on cybersecurity, according to a contracting document released Wednesday. The department is seeking a video conferencing service that it can use to provide cybersecurity webinars to 5,000 or more critical infrastructure operators simultaneously, according to the contracting document. The term critical infrastructure refers to 16 sectors the government has determined are vital to the nation’s successful operation. They include hospitals, banks, energy plants, dams and transportation hubs such as airports and train stations. The department officially designated election infrastructure, such as voting machines and voter rolls, critical infrastructure in January 2017, after Russian efforts to breach those systems during the 2016 elections.

Full Article: DHS Wants to Expand the Reach of Its Critical Infrastructure Cyber Training - Nextgov.

National: Homeland Security’s biggest election concern is what comes after you vote | CNET

The biggest concern for election security isn’t about Election Day — it’s about the day after, Department of Homeland Security Secretary Kirstjen Nielsen said. “My biggest concern is that a foreign entity will take the opportunity after the election, or the night of the election, to attempt to sow discord through social media by suggesting that something’s not working as it should in a particular area,” Nielsen said Friday morning at a Council on Foreign Relations event in New York. The conversation with Nielsen about comes just four days before Election Day and amid major DHS efforts to protect the US elections from foreign interference. That includes assisting election officials in all 50 states, creating its own center toprotect critical infrastructure, and attending Defcon to learn about voting machine flaws. While DHS is working to protect the machines and make sure voting officials are prepared, it’s that wave of disinformation on social media that’ll follow the election that Nielsen’s most worried about.

Full Article: Homeland Security's biggest election concern is what comes after you vote - CNET.

National: Fewer than half of US states have undergone federal election security reviews ahead of midterms | ABC

With only a week left before the 2018 midterm elections, fewer than half of U.S. states have submitted to a Department of Homeland Security assessment of their vulnerabilities to vote hacking. Under the department’s National Protection and Programs Directorate, the agency branch that coordinates cyber protection of U.S. infrastructure, a team of DHS officials are prepared to examine statewide election systems. They can check for cybersecurity vulnerabilities and run in-person exercises like phishing tests to ensure election officials are prepared to guard against attempts to hack their email accounts. The Department of Homeland Security has already provided or is scheduled to provide the service, which is free for states that request it, to only 21 states, a department spokesman told ABC News, concerning election experts who fear some states may not be aware of potential vulnerabilities.

Full Article: Fewer than half of US states have undergone federal election security reviews ahead of midterms.

National: DHS: Election officials inundated, confused by free cyber-security offerings | ZDNet

lection officials across the US are inundated and confused by the plethora of free cyber-security offerings that the private sector has made available in the past months, a Department of Homeland Security official said last week. … But while the actions of these companies were driven by a desire to help, a DHS official says these free offerings have managed to create confusion with some election officials. “So what we’ve seen is a lot of the cyber-security companies and the IT companies offering free services, which I think is a great move forward,” said Christopher Krebs, Under Secretary for National Protection and Programs Directorate at the DHS, in an interview on the Cyberlaw Podcast, last week.

Full Article: DHS: Election officials inundated, confused by free cyber-security offerings | ZDNet.