Cybersecurity

Former DHS boss says 'no evidence' of tampering in 2016 vote count

Jeh Johnson 

Former DHS Secretary Jeh Johnson returned to Caption Hill as a private citizen to testify about Russian intrusion into U.S. voting systems.

At a House hearing, former Homeland Security Secretary Jeh Johnson testified that Russian interference in U.S. elections did not extend to manipulating vote counts, as far as he knows.

"I know of no evidence that through cyber intrusions votes were altered or suppressed in some way," Johnson said at the June 21 hearing of the Permanent Select Committee on Intelligence.

Johnson told lawmakers that the level of Russian state interference with U.S. voting systems was "unprecedented in scale and scope," and said the U.S. government must figure out how to respond in the future because he believes that more attacks on the election systems are coming in 2018 and 2020.

Two things that are likely not going to happen, though, is a centralization of U.S. voting systems or federal standards for voting equipment.

"Well, I would say to this Congress, if you want to try to federalize elections in this country, good luck," Johnson told lawmakers.

He thinks Congress will have better luck encouraging cybersecurity best practices in state and local governments that procure and operate election systems through grants and other incentives.

Johnson also is advocating for an identifiable top federal official to "take the mantle of cybersecurity on full time to highlight this issue," he said.

"My preference would be somebody within DHS, but we really need a national leader to take charge of this issue," he said.

Johnson also sought to sooth those officials who were concerned by his designation of voting systems as "critical infrastructure" in January just before exiting government service. Among the benefits, Johnson said, is that critical infrastructure systems come under the protection of international cyber norms, and that the designation had been extended to 16 sectors already including financial systems and power grids, without any government takeover, new regulation or operational interference.

"This was something that was a no-brainer, and in fact probably should have been done years before."

He added that state and local voter registration databases are vulnerable to exfiltration, exposure and manipulation. Johnson advised all election officials "to undertake an effort to harden their cybersecurity [and] minimize the exposure of the process to the internet."

'We've got Crowdstrike'

Johnson also offered details on the response of Democratic National Committee officials to the Russia-linked hack of their systems that led to the exposure of email accounts from top officials, including those of Hillary Clinton's campaign chairman John Podesta.

DNC officials did not invite DHS cybersecurity experts in to help discover the source of the attacks and minimize the damage.

"This was a question I asked repeatedly," Johnson said. "What are we doing? Are we helping them discover the vulnerabilities?"

The DNC intrusion came about a year after the devastating breach of Office of Personnel Management databases that held information on more than 21 million federal employees and retirees. DHS, according to Johnson, was "anxious" to offer help.

"The response I got was that FBI had spoken to them. They don't want our help. They have Crowdstrike, the cybersecurity firm," Johnson said.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


Featured

  • FCW Perspectives
    human machine interface

    Your agency isn’t ready for AI

    To truly take advantage, government must retool both its data and its infrastructure.

  • Cybersecurity
    secure network (bluebay/Shutterstock.com)

    Federal CISO floats potential for new supply chain regs

    The federal government's top IT security chief and canvassed industry for feedback on how to shape new rules of the road for federal acquisition and procurement.

  • People
    DHS Secretary Kirstjen Nielsen, shown here at her Nov. 8, 2017, confirmation hearing. DHS Photo by Jetta Disco

    DHS chief Nielsen resigns

    Kirstjen Nielsen, the first Homeland Security secretary with a background in cybersecurity, is being replaced on an acting basis by the Customs and Border Protection chief. Her last day is April 10.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.