Cybersecurity

House panel probes DHS scans of state election tech

 

The leader of the House Committee on Oversight and Government Reform wants a fuller accounting from the Department of Homeland Security about complaints of the agency "rattling of doorknobs" on the state of Georgia's network firewall.

Committee Chairman Jason Chaffetz (R-Utah) sent letters on Jan. 11 to DHS Secretary Jeh Johnson and DHS Inspector General John Roth asking about "unauthorized scans" and "unsuccessful attempts to penetrate" the Georgia Secretary of State's  firewall from last February into November's election season.  

The letters to Roth and Johnson were released publicly on Jan. 17.

The correspondence was spurred by Georgia's Secretary of State Brian Kemp's repeated letters to DHS asking the agency to provide more information on what he said were attempts to penetrate his agency’s firewall from "a DHS-registered IP address." He said the attempts dated back to last February.

Kemp has been a vocal opponent of making state election infrastructure federally defended "critical infrastructure" in the wake of the hacking of election databases by Russia.

In the run-up to the November election, DHS was increasingly concerned about those hackers penetrating state-run election systems. Many states were asking DHS for help to block hacking attempts. That help included the agency's network scanning capabilities.

At about the same time, Kemp became particularly vocal about his opposition to adding state-run election systems to DHS' list of 15 critical infrastructure systems.

In mid-December, Kemp wrote President-elect Donald Trump that his agency’s systems had experienced "nine additional, but 'less intrusive scans'" dating back to February 2016. Most of the alleged attempts, such as a Sept. 28 incident that occurred just before Kemp testified before Chaffetz' committee on election cybersecurity, occurred around a significant election-related date.

Johnson declared state election systems "critical infrastructure" in early January. Kemp called that declaration "blatant overreach" by the federal government and vowed to "continue to fight to keep election systems under the control of state government where it belongs."

In his letter to Roth, Chaffetz requested the IG open an investigation into DHS' activities with the Georgia system. In his letter to Johnson, Chaffetz requested all of the DHS secretary's correspondence with Kemp.

According to Chaffetz' letter to Roth, Johnson informed Kemp the attempt to gain access to the state's network had been "normal…interaction" by a DHS contractor with the Georgia Secretary of States' website." Johnson, according to Chaffetz, assured Kemp that "'there was no scanning,'" or security assessment of the network by DHS.

DHS, Chaffetz said, traced the attempt outlined in Kemp's first letter to the agency back to a contractor working at the Federal Law Enforcement Training Center in Glynco, Ga., who said it was verifying licenses for prospective armed guards for the facility, a service that the Secretary of State's website provides.

Chaffetz, however, said Johnson didn't provide adequate information to verify that claim and had said the response was an "initial finding" and "subject to change." Chaffetz also questioned the agency's ability to investigate itself efficiently or without bias.

The official explanation, Chaffetz wrote, is dubious and requires an independent investigation.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.


Featured

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

  • FCW Illustration.  Original Images: Shutterstock, Airbnb

    Should federal contracting be more like Airbnb?

    Steve Kelman believes a lighter touch and a bit more trust could transform today's compliance culture.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.