Cybersecurity

Former DHS boss says 'no evidence' of tampering in 2016 vote count

Jeh Johnson 

Former DHS Secretary Jeh Johnson returned to Caption Hill as a private citizen to testify about Russian intrusion into U.S. voting systems.

At a House hearing, former Homeland Security Secretary Jeh Johnson testified that Russian interference in U.S. elections did not extend to manipulating vote counts, as far as he knows.

"I know of no evidence that through cyber intrusions votes were altered or suppressed in some way," Johnson said at the June 21 hearing of the Permanent Select Committee on Intelligence.

Johnson told lawmakers that the level of Russian state interference with U.S. voting systems was "unprecedented in scale and scope," and said the U.S. government must figure out how to respond in the future because he believes that more attacks on the election systems are coming in 2018 and 2020.

Two things that are likely not going to happen, though, is a centralization of U.S. voting systems or federal standards for voting equipment.

"Well, I would say to this Congress, if you want to try to federalize elections in this country, good luck," Johnson told lawmakers.

He thinks Congress will have better luck encouraging cybersecurity best practices in state and local governments that procure and operate election systems through grants and other incentives.

Johnson also is advocating for an identifiable top federal official to "take the mantle of cybersecurity on full time to highlight this issue," he said.

"My preference would be somebody within DHS, but we really need a national leader to take charge of this issue," he said.

Johnson also sought to sooth those officials who were concerned by his designation of voting systems as "critical infrastructure" in January just before exiting government service. Among the benefits, Johnson said, is that critical infrastructure systems come under the protection of international cyber norms, and that the designation had been extended to 16 sectors already including financial systems and power grids, without any government takeover, new regulation or operational interference.

"This was something that was a no-brainer, and in fact probably should have been done years before."

He added that state and local voter registration databases are vulnerable to exfiltration, exposure and manipulation. Johnson advised all election officials "to undertake an effort to harden their cybersecurity [and] minimize the exposure of the process to the internet."

'We've got Crowdstrike'

Johnson also offered details on the response of Democratic National Committee officials to the Russia-linked hack of their systems that led to the exposure of email accounts from top officials, including those of Hillary Clinton's campaign chairman John Podesta.

DNC officials did not invite DHS cybersecurity experts in to help discover the source of the attacks and minimize the damage.

"This was a question I asked repeatedly," Johnson said. "What are we doing? Are we helping them discover the vulnerabilities?"

The DNC intrusion came about a year after the devastating breach of Office of Personnel Management databases that held information on more than 21 million federal employees and retirees. DHS, according to Johnson, was "anxious" to offer help.

"The response I got was that FBI had spoken to them. They don't want our help. They have Crowdstrike, the cybersecurity firm," Johnson said.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.