DHS cyber chief says the election system 'works,' is resilient to tampering

Christopher Krebs, Homeland Security’s undersecretary for the National Protection and Programs Directorate, said that while Russia stole voter data during the 2016 election, vote tallies were not hacked.

secure election (WhiteDragon/Shutterstock.com)
 

The U.S. election system may be under attack, but Christopher Krebs argues that democracy's defenses are resilient.

Krebs, the Department of Homeland Security's undersecretary for the National Protection and Programs Directorate, stressed during a July 20 Washington Post cyber event that individuals' voting rights were safe despite persistent cybersecurity threats to election infrastructure.

"The way the system by law -- not just the technical system but the broader election system is constructed -- is that if you, anyone in this room or watching online, shows up to vote and something is wrong with your registration, either you're not in the system or you're clearly not a woman and this says you are, you have the right by law to request a provisional ballot," he said.

"It can take a little bit of time, it can be disruptive on election day and can cause a little bit of concern, but this happens already without Russians getting involved."

The 2018 midterm elections do remain a target. Krebs told senators during a July 11 hearing of the House Homeland Security Committee that while the elections remain a potential target for Russian disinformation campaigns, there's no evidence that activity has reached 2016 levels.

"What we're saying is we haven't seen a campaign on the scale of 2016 of concerted attacks against the election infrastructure, concerted attacks against these campaigns," Krebs said -- the latter point referring to a senior Microsoft executive's July 19 assertion that three 2018 candidates' campaigns were being targeted by phishing campaigns similar to those seen in 2016. (Krebs said DHS and the FBI are working with Microsoft to share information and "shore up defenses.")

The biggest issue, Krebs said, is lack of cooperation between the private sector and state and federal governments, which has prompted development of a new risk management initiative.

DHS is preparing to launch an initiative that will have "integrated cross sector government-industry collaboration in the cybersecurity, critical infrastructure protection space," and include the Treasury and Energy Departments as well as other sector-specific agencies, he said. Together they will create "a coordination capability" that combines and supports cybersecurity and industrial control system expertise.

"No company out there, no state out there is going to work on this challenge by themselves, we have to work together," Krebs said. "We're pushing a collective security model where we work together to manage risk."