States balk at election system move by DHS

A group of state officials voted to oppose a federal critical infrastructure designation covering their election systems. They're looking to get that designation removed.

The National Association of Secretaries of State voted on Feb. 18 to oppose the Department of Homeland Security's late January designation of state election systems as federally protected "critical infrastructure." The designation puts election systems on similar footing as systems in the energy and financial services sectors.

NASS also voted over the weekend to create a task force to work with federal agencies and stakeholders on election system cybersecurity issues.

While some states, like Arizona, took DHS up on its offer to provide cybersecurity scans of some of their systems in the wake of attempted hacks into state voter registration systems, others are very wary of letting federal agencies into state-managed facilities for fear of, or the impression of, federal influence or management.

During the recent NASS winter meeting, Connecticut Secretary of State Denise Merrill called the DHS designation "a broad new role for the federal government" and said she was still looking for a written guidance from the agency on what the designation means.

Those concerns, Kay Stimson, NASS director of communications told FCW on Feb. 22, led to the resolution. States, she said, aren't bound by the document, but the organization wants to signal to the new administration that the designation isn't necessary.

"We want to send a loud and clear message to rescind the designation," she said.           

Transparency, she said, is the heart of the election system. That transparency could be clouded -- in reality or in the minds of voters -- because of the federal designation.  She said states are willing to work with federal partners, but the designation carries too much baggage and uncertainty related to the federal government's exact role.

White House deputy director of intergovernmental affairs, Billy Kirkland, was at the NASS meeting and indicated he wanted to talk further about the designation, according to Stimson. The organization has not yet contacted the White House to set a meeting, she said, but states could also reach out.

During the meeting last week, Merrill contended that states already have many of the same cyber capabilities that DHS offers and can marshall better information in some cases. They have been effective in tracking down cyber threats.

In January, Georgia Secretary of State Brian Kemp called the DHS designation a "blatant overreach" and later asked for an investigation into what he called "doorknob rattling" on his state’s firewall by DHS in the run up to the election last fall. His state IT team detected the attempts.

Stimson told FCW that Indiana's IT staff tracked similar scan attempts on its facilities in the same period the same DHS IP address.

"What problems does [the designation] solve?" she asked. Work by state IT teams and local FBI offices on cyber issues has been productive, she said. The category of possibly vulnerable election equipment is very small, and the dangers have been overstated, she said.