DHS Designates Election Machines, Systems As ‘Critical Infrastructure’

The U.S. Department of Homeland Security designated the nation’s election technology and systems as critical infrastructure, giving state election officials access to technical and policy aid from the agency.

The move, announced Jan. 6, makes the election infrastructure in the United States part of the government-facilities critical infrastructure sector, one of the 16 sectors deemed crucial by the U.S. government. Other sectors include health care, energy and the defense industrial base.

While some states have reportedly opposed the designation, the DHS assured election officials that states would still have full oversight and responsibility for running elections.

Election Tech security

The designation “makes clear both domestically and internationally that election infrastructure enjoys all the benefits and protection of critical infrastructure that the U.S. government has to offer,” DHS Secretary Jeh Johnson said in a statement announcing the decision. “Given the vital role elections play in this country, it is clear that certain systems and assets of election infrastructure meet the definition of critical infrastructure, in fact and in law.”

The announcement comes three months after top intelligence officials issued a statement, attributing attacks against the Democratic National Committee, the campaign of Hillary Clinton, and state election systems to Russia.

The Obama administration released additional details of the attacks and the evidence gathered by intelligence and law enforcement officials earlier this month.

The act of designating election systems as critical infrastructure means that the DHS will be able to work more closely with states to secure a variety of election-related technologies, processes and locations, including storage facilities and polling places, information and communications technology related to voting, and the voting machines themselves.

Election-security groups have long called for the infrastructure to be designated critical. Verified Voting, a group of voting experts, pushed for election systems to be deemed critical since 2013, Pamela Smith, president of Verified Voting, told eWEEK in an e-mail.

“Voting systems should receive at least as much attention and care as other critical infrastructure systems do,” Smith said. “The fact that all or nearly all of the 50 states as well as more than 30 local jurisdictions availed themselves of support from Department of Homeland Security this year in the run-up to the election makes it clear that cyber-security considerations in elections are serious.”

Critical infrastructure

DHS’ Johnson acknowledged the concerns that many state election officials have raised about that DHS designating election technology as critical infrastructure.

“It is important to stress what this designation does and does not mean,” Johnson said. “This designation does not mean a federal takeover, regulation, oversight or intrusion concerning elections in this country. This designation does nothing to change the role state and local governments have in administering and running elections.”

While the change in status is a good initial step, Verified Voting’s Smith stressed that election officials should still require that audits of the all voting be conducted following an election, as a defense against fraud and machine error.

“Even where voting systems are recount-able and auditable— we don’t have robust audit requirements in place in at least half of those locations—we are not yet able to say authoritatively that our elections are secure,” she said. “We can do better.”

Originally published on eWeek

Quiz: What do you know about cybersecurity?

Robert Lemos

Robert Lemos covers cyber security for TechWeekEurope and eWeek

Recent Posts

Google Ordered To Pay $43m By Australian Court

Search engine Google fined $43 million by Australian court for tracking Android users location data…

1 day ago

Hacker Touts Data Sale Of 48.5m Users Of Covid App – Report

Personal data of 48.5 million Chinese citizens who used Shanghai's Covid App, is being offered…

1 day ago

Facebook Tests Default End-to-End Encryption For Messenger

Privacy move. Platform tests secure storage of people's chats on Messenger, in a move sure…

1 day ago

UK’s CMA Begins Probe Of Viasat Acquisition Of Inmarsat

British competition regulator the CMA, begins phase one investigation of $7.3 billion merger between Inmarsat…

2 days ago

Cisco Admits ‘Security Incident’ After Breach Of Corporate Network

Yanluowang ransomware hackers claim credit for compromise of Cisco's corporate network in May, while Cisco…

2 days ago

Google Seeks To Shame Apple Over RCS Refusal

Good luck convincing Tim. Google begins publicity campaign to pressure Aple into adopting the cross…

2 days ago