AuthentificationCyberCrimeFirewallSecuritySecurity ManagementVirus

DHS Designates Election Machines, Systems As ‘Critical Infrastructure’

Robert Lemos covers cyber security for TechWeekEurope and eWeek

Individual states will still have oversight and control over their election systems, but the move makes a statement “domestically and internationally” that the U.S. considers its elections critical, the agency says

The U.S. Department of Homeland Security designated the nation’s election technology and systems as critical infrastructure, giving state election officials access to technical and policy aid from the agency. 

The move, announced Jan. 6, makes the election infrastructure in the United States part of the government-facilities critical infrastructure sector, one of the 16 sectors deemed crucial by the U.S. government. Other sectors include health care, energy and the defense industrial base. 

While some states have reportedly opposed the designation, the DHS assured election officials that states would still have full oversight and responsibility for running elections. 

vote © - Fotolia.com

Election Tech security 

The designation “makes clear both domestically and internationally that election infrastructure enjoys all the benefits and protection of critical infrastructure that the U.S. government has to offer,” DHS Secretary Jeh Johnson said in a statement announcing the decision. “Given the vital role elections play in this country, it is clear that certain systems and assets of election infrastructure meet the definition of critical infrastructure, in fact and in law.” 

The announcement comes three months after top intelligence officials issued a statement, attributing attacks against the Democratic National Committee, the campaign of Hillary Clinton, and state election systems to Russia.  

The Obama administration released additional details of the attacks and the evidence gathered by intelligence and law enforcement officials earlier this month. 

The act of designating election systems as critical infrastructure means that the DHS will be able to work more closely with states to secure a variety of election-related technologies, processes and locations, including storage facilities and polling places, information and communications technology related to voting, and the voting machines themselves. 

Election-security groups have long called for the infrastructure to be designated critical. Verified Voting, a group of voting experts, pushed for election systems to be deemed critical since 2013, Pamela Smith, president of Verified Voting, told eWEEK in an e-mail. 

“Voting systems should receive at least as much attention and care as other critical infrastructure systems do,” Smith said. “The fact that all or nearly all of the 50 states as well as more than 30 local jurisdictions availed themselves of support from Department of Homeland Security this year in the run-up to the election makes it clear that cyber-security considerations in elections are serious.” 

Critical infrastructure 

DHS’ Johnson acknowledged the concerns that many state election officials have raised about that DHS designating election technology as critical infrastructure.   

“It is important to stress what this designation does and does not mean,” Johnson said. “This designation does not mean a federal takeover, regulation, oversight or intrusion concerning elections in this country. This designation does nothing to change the role state and local governments have in administering and running elections.” 

While the change in status is a good initial step, Verified Voting’s Smith stressed that election officials should still require that audits of the all voting be conducted following an election, as a defense against fraud and machine error. 

“Even where voting systems are recount-able and auditable— we don’t have robust audit requirements in place in at least half of those locations—we are not yet able to say authoritatively that our elections are secure,” she said. “We can do better.” 

Originally published on eWeek

Quiz: What do you know about cybersecurity?