Amid DHS leadership shuffle, voting systems remain vulnerable

Jeh Johnson 

Even with the widespread attention and federal protections provided to election systems, state and federal officials alike have concerns that U.S. election systems remain vulnerable to digital meddling.

In the final days of the Obama administration, then-Department of Homeland Security Secretary Jeh Johnson formally designated state election assets as U.S. critical infrastructure in response to digital floods of misinformation, as well as Russian cyber espionage on an election software vendor and spear-phishing attempts against local election officials during the lead-up to the November 2016 presidential election.

The move allowed state governments to ask DHS for help on a voluntary basis in securing their election infrastructure, but was met with resistance from many state officials and some members of Congress.

Amid this resistance -- and the current shuffle in DHS leadership -- Johnson expressed fear on CBS's Face the Nation Aug. 6 that voting systems remain vulnerable to digital meddling.

"I'm concerned that we are almost as vulnerable, perhaps, now as we were six, nine months ago," he said.

"The cyber threat is going to get worse before it gets better in this country," he added. "Bad cyber actors are becoming more aggressive, more ingenuous and more tenacious... Nothing would surprise me at this point in terms of their capabilities."

Despite pushback and confusion from states over the critical infrastructure designation, Johnson said that 33 states sought cybersecurity assistance from DHS during the lead-up to the election.

"We identified a number of vulnerabilities in election infrastructure which were addressed," he said. "But that process needs to continue."

Election Assistance Commission Chairman Thomas Hicks told FCW that as far as improvements to security, the effect of the designation is "still a wait-and-see process."

"I believe the election itself is secure, but that doesn't mean we can't do more for that," he said, adding that doing more "is not going to be a quick fix."

Hicks noted that in the lead-up to the 2018 elections, it's not just the interference with the actual ballot-casting that states must protect against.

"One of the things that the critical infrastructure designation brought to light to is that securing these elections doesn't take place just on Election Day," he said.

Hicks said that securing an election also entails securing web-facing applications, polling places, election machines, as well as sites that report election night results.

Hicks added that some of the vulnerabilities are physical in nature, and states should make sure only authorized officials have access to the machines, both while in the polling places and while in storage.

Another challenge facing states is that many of the electronic voting machines are nearing the end of their lifecycles. Although states are currently on the hook for paying for the next generation of equipment, Hicks said the issue of whether the federal government will help foot the bill remains a question.

The recent reshuffling that placed Johnson's successor John Kelly, who supported maintaining the critical infrastructure designation, in the White House chief of staff role has left DHS without a permanent secretary.

Hicks said that since the precedent for the designation has been set by the next secretary's two predecessors, he doesn't believe it will change. He added, however, that "time will tell when the next person is confirmed."

EAC, an independent agency stood up in 2002 to help protect the integrity of elections, has come under fire from congressional Republicans.

In addition to a revived effort from Rep. Gregg Harper (R-Miss.) to shutter EAC, the House Financial Services and General Government Appropriations Subcommittee drafted a bill that would terminate the agency by the end of fiscal year 2018.

In response, subcommittee Ranking Member Mike Quigley (D-Ill.) introduced an amendment to retain the commission and provide $9.2 million in funding for fiscal year 2018.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter


  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.