Cyber protections contemplated for U.S. election systems
- By Mark Rockwell
- Aug 05, 2016
After repeated hacks of Democratic National Committee systems by attackers who might be associated with the Russian government, the Obama administration is considering bolstering cyber protections for the U.S. election systems by putting them under the critical infrastructure classification the Department of Homeland Security is charged to protect.
"We have to carefully consider whether our election system is critical infrastructure, like the financial system or the power grid," DHS Secretary Jeh Johnson said at an Aug. 3 press breakfast sponsored by the Christian Science Monitor. "There is a vital national interest in our election process."
A week earlier, Lisa Monaco, assistant to the president for homeland security and counterterrorism, touched on some of the implications of election system cyberattacks during remarks at the Aspen Institute Security Forum. She said big cyberattacks must be thoroughly investigated before any scaled response is made.
Monaco added that the reaction to those who hack election systems in the U.S. might resemble what happened in response to the cyberattack on Sony Pictures Entertainment. That attack crossed a threshold into being destructive and coercive, she said. The U.S. government ultimately attributed it to North Korea and hit the country with sanctions.
She pointed out that the government has also prosecuted Chinese military personnel who have hacked into U.S. companies' systems to steal data and recently indicted Iranian hackers for a series of cyberattacks, including one in which they allegedly manipulated water-control systems on the Bowman Dam in Westchester County, N.Y.
A deliberate intrusion to coerce or influence this country's political process is a "serious, serious issue," Monaco said. She added that attacks on the U.S. political process could require a new type of response.
Monaco said responses to big cyberattacks are made on a case-by-case basis.
However, Vishal Gupta, CEO of cybersecurity technology company Seclore, told FCW that if election systems are designated critical infrastructure, the label could automatically magnify, or even prescribe, a response.
"Would an attack on the [Democratic or Republican national committees] be considered an attack on the U.S. or a matter of national security?" he asked.
If Russia is found to be responsible for the attacks on the Democratic committee, as many have speculated, Gupta said that under critical infrastructure parameters, the attacks would be considered a threat to national security, which could lead to the determination that they constitute an act of war.
"Is an offense against the Democrats or Republicans an act of war?" he asked. "I'm not sure. The real problem here is that regardless of the designation, the organizations responsible for the systems being breached need to do a better job of prioritizing cybersecurity."
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at firstname.lastname@example.org or follow him on Twitter at @MRockwell4.