Cybersecurity

Former DHS boss says 'no evidence' of tampering in 2016 vote count

Jeh Johnson 

Former DHS Secretary Jeh Johnson returned to Caption Hill as a private citizen to testify about Russian intrusion into U.S. voting systems.

At a House hearing, former Homeland Security Secretary Jeh Johnson testified that Russian interference in U.S. elections did not extend to manipulating vote counts, as far as he knows.

"I know of no evidence that through cyber intrusions votes were altered or suppressed in some way," Johnson said at the June 21 hearing of the Permanent Select Committee on Intelligence.

Johnson told lawmakers that the level of Russian state interference with U.S. voting systems was "unprecedented in scale and scope," and said the U.S. government must figure out how to respond in the future because he believes that more attacks on the election systems are coming in 2018 and 2020.

Two things that are likely not going to happen, though, is a centralization of U.S. voting systems or federal standards for voting equipment.

"Well, I would say to this Congress, if you want to try to federalize elections in this country, good luck," Johnson told lawmakers.

He thinks Congress will have better luck encouraging cybersecurity best practices in state and local governments that procure and operate election systems through grants and other incentives.

Johnson also is advocating for an identifiable top federal official to "take the mantle of cybersecurity on full time to highlight this issue," he said.

"My preference would be somebody within DHS, but we really need a national leader to take charge of this issue," he said.

Johnson also sought to sooth those officials who were concerned by his designation of voting systems as "critical infrastructure" in January just before exiting government service. Among the benefits, Johnson said, is that critical infrastructure systems come under the protection of international cyber norms, and that the designation had been extended to 16 sectors already including financial systems and power grids, without any government takeover, new regulation or operational interference.

"This was something that was a no-brainer, and in fact probably should have been done years before."

He added that state and local voter registration databases are vulnerable to exfiltration, exposure and manipulation. Johnson advised all election officials "to undertake an effort to harden their cybersecurity [and] minimize the exposure of the process to the internet."

'We've got Crowdstrike'

Johnson also offered details on the response of Democratic National Committee officials to the Russia-linked hack of their systems that led to the exposure of email accounts from top officials, including those of Hillary Clinton's campaign chairman John Podesta.

DNC officials did not invite DHS cybersecurity experts in to help discover the source of the attacks and minimize the damage.

"This was a question I asked repeatedly," Johnson said. "What are we doing? Are we helping them discover the vulnerabilities?"

The DNC intrusion came about a year after the devastating breach of Office of Personnel Management databases that held information on more than 21 million federal employees and retirees. DHS, according to Johnson, was "anxious" to offer help.

"The response I got was that FBI had spoken to them. They don't want our help. They have Crowdstrike, the cybersecurity firm," Johnson said.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.