Cybersecurity

Cyber protections contemplated for U.S. election systems

Shutterstock image (by dencg): digital warning sign.

After repeated hacks of Democratic National Committee systems by attackers who might be associated with the Russian government, the Obama administration is considering bolstering cyber protections for the U.S. election systems by putting them under the critical infrastructure classification the Department of Homeland Security is charged to protect.

"We have to carefully consider whether our election system is critical infrastructure, like the financial system or the power grid," DHS Secretary Jeh Johnson said at an Aug. 3 press breakfast sponsored by the Christian Science Monitor. "There is a vital national interest in our election process."

A week earlier, Lisa Monaco, assistant to the president for homeland security and counterterrorism, touched on some of the implications of election system cyberattacks during remarks at the Aspen Institute Security Forum. She said big cyberattacks must be thoroughly investigated before any scaled response is made.

Monaco added that the reaction to those who hack election systems in the U.S. might resemble what happened in response to the cyberattack on Sony Pictures Entertainment. That attack crossed a threshold into being destructive and coercive, she said. The U.S. government ultimately attributed it to North Korea and hit the country with sanctions.

She pointed out that the government has also prosecuted Chinese military personnel who have hacked into U.S. companies' systems to steal data and recently indicted Iranian hackers for a series of cyberattacks, including one in which they allegedly manipulated water-control systems on the Bowman Dam in Westchester County, N.Y.

A deliberate intrusion to coerce or influence this country's political process is a "serious, serious issue," Monaco said. She added that attacks on the U.S. political process could require a new type of response.

Monaco said responses to big cyberattacks are made on a case-by-case basis.

However, Vishal Gupta, CEO of cybersecurity technology company Seclore, told FCW that if election systems are designated critical infrastructure, the label could automatically magnify, or even prescribe, a response.

"Would an attack on the [Democratic or Republican national committees] be considered an attack on the U.S. or a matter of national security?" he asked.

If Russia is found to be responsible for the attacks on the Democratic committee, as many have speculated, Gupta said that under critical infrastructure parameters, the attacks would be considered a threat to national security, which could lead to the determination that they constitute an act of war.

"Is an offense against the Democrats or Republicans an act of war?" he asked. "I'm not sure. The real problem here is that regardless of the designation, the organizations responsible for the systems being breached need to do a better job of prioritizing cybersecurity." 

About the Author

Mark Rockwell is a staff writer at FCW.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.


Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.

Featured

Reader comments

Tue, Aug 9, 2016

As concerning as it is that Russia (and wikileaks) would hack into the political campaign committees and try to use a strategic dump of information to effect the election outcome - a form of information warfare - I would think they are more concerned about the electronic voting systems that are paid for and controlled at the local and state levels. Those machines and IT systems have already been proved to be hackable. It wouldn't take much for a foreign power to flip votes in a variety of precincts to produce the outcome they wanted and control our elections results. Those are the elections systems that should fall under critical infrastructure, and constitute an act of war if hacked and manipulated.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group