More states say DHS scanned election systems

Shutterstock image (by deepadesigns): Safety concept, closed padlock on a digital background. 

Officials from two more states have reported their election systems experienced unauthorized Department of Homeland Security cyberscans in the run-up to the presidential election, or in the days immediately after.

The State of Indiana's Information Sharing and Analysis Center reported that over 10,000 individual hits on its systems originated from a handful of DHS IP addresses. According to a January IN-ISAC report provided to FCW by the Indiana Secretary of State's office on Feb. 23, those same IP addresses were associated with a similar unauthorized scan of the State of Georgia's election systems in the fall of 2016 and early 2017.

The IN-ISAC report said its assessment of traffic to and from its systems between Nov. 15, 2016, and Jan. 24, 2017, found "with a high degree of certainty" that the unauthorized scans originated at DHS IP addresses. It said it confirmed the IP addresses were owned by DHS through a "WhoIS" search.

The report said a total of 10,184 unique connections from the IP addresses created over one billion network events during the time period. A total of 45 unique State of Indiana public-facing IPs were scanned from the nine DHS IP addresses.

The report all but ruled out web profiling done by authorized multi-state ISACs or other authorized network and penetration testing. It said it had not requested or provided consent for services from the National Cybersecurity Assessment & Technical Services or any other penetration testing services offered by any US-DHS component.

Georgia's Secretary of State Brian Kemp complained about the activity on his systems to DHS in a letter, which led to a House Oversight inquiry to DHS about the issue.

After reports surfaced in December about Georgia, DHS said it traced the attempt outlined in Kemp's letter to the agency back to a contractor working at the Federal Law Enforcement Training Center in Glynco, Ga. The firm said it was verifying licenses for prospective armed guards for the facility, a service that the Secretary of State's website provides.

As the report from the IN-ISAC emerged publicly, Idaho Secretary of State Lawerence Denney told a local newspaper on Feb. 14 that his state's public election website had experienced similar unauthorized DHS during the same period.

Some states have become vocal opponents of DHS' designation of their election systems as critical infrastructure worthy of the same federal protections as crucial industries such as energy and financial systems.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at [email protected] or follow him on Twitter at @MRockwell4.


  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/Shutterstock.com)

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected