Obama DHS officials pitch election cybersecurity fixes to Congress

Former high-level Obama administration officials appeared before congressional Democrats on Thursday to offer suggestions on how to secure future elections from cyber threats. 

Jeh Johnson, the former secretary of Homeland Security, and Suzanne Spaulding, a former high-level cybersecurity official at the Department of Homeland Security (DHS), faced a myriad of questions from lawmakers about what Congress can do to help states shore up the cybersecurity of their election systems. 

The meeting took place less than a week after Homeland Security officials notified 21 states of evidence that Russian actors targeted their networks ahead of the 2016 election. 

Among their recommendations, Spaulding encouraged lawmakers to provide more resources to states for cybersecurity, suggesting that the money could be allocated through a grant program that also mandates a full assessment of their systems.

“We need to have a strong sense of urgency with regards to upcoming elections,” said Spaulding, who is now on the board of Harvard’s Digital Democracy Project. “We need to be focusing now on the midterm elections next November and the election in 2020.” 

Lawmakers have introduced bipartisan legislation setting up grants for cyber planning and implementation at the state and local level, but the measure has yet to get a vote in either chamber. 

Both officials also got behind the idea of Congress mandating a nationwide election security assessment by the executive branch.

Johnson also suggested that Congress could institute “federal minimum standards” for the cybersecurity of election-related systems — though he encouraged lawmakers to tread lightly, given that states are responsible for administering elections and regard it as “their sovereign process.”

“I think that some type of standards or inducements through grants or the like should be encouraged, one way or another. Congress mandates federal standards in a whole bunch of contexts and ensuring the integrity of our democracy is pretty important,” Johnson said. “It’s something we’ve got to look at. Exactly what is mandated, I’d want to carefully consider it.” 

Both officials also recommended the intelligence community conduct a cyber threat assessment far in advance of an election, so as to distance it from the political outcome. 

Russian interference has been a controversial topic on Capitol Hill since the U.S. intelligence community said in January that Russia aimed to undermine confidence in U.S. democracy, damage Democrat Hillary Clinton, and aid President Trump. 

Currently, the House and Senate Intelligence Committees are investigating Russian efforts, while special counsel Robert Mueller is spearheading the federal probe into whether there was collusion between the Trump campaign and Moscow. 

The Thursday meeting was the first public forum convened by the Democratic election security task force, set up by Reps. Bennie Thompson (D-Miss.) and Robert Brady (D-Pa.). The top Democrats on the Homeland Security and Administration committees formed the task force out of frustration with their respective committees for not focusing on threats to election systems. 

According to DHS, none of the state systems targeted by Russia were involved in tallying votes, and in most states officials saw only preparations for hacking, such as scanning of networks to find potential vulnerabilities. In Arizona and Illinois, voter registration databases were breached. 

The revelations have sparked fears of foreign interference in future elections.

Johnson, who called last year’s events a “wake-up call,” was leading DHS as the department worked to engage states on cyber threats ahead of the election and offer voluntary cybersecurity assistance to states that wanted it. 

On Thursday, he highlighted fears about Russia’s targeting of state voter databases — warning that data could be compromised, resulting in chaos on Election Day.

“I was very worried that it was the run-up to a huge catastrophic attack where people would show up at the voting booth and they would be told, ‘I’m sorry, you’re not registered to vote,’ ” Johnson said. “We were very worried about that, and I continue to be very worried about the ability of bad cyber actors to compromise voter registration data.”

In the aftermath of Russia’s targeting, Johnson moved to designate election infrastructure as critical, opening polling places and election-related data systems up to federal protections — a move that has been met with pushback from state and local officials.