For Immediate Release – Feb. 8, 2018 –
WASHINGTON, D.C. – The members of the National Association of Secretaries of State (NASS) would like to respond to the NBC News Story entitled “Russians penetrated US voter systems, says top US Official,” by Cynthia McFadden, William M. Arkin and Kevin Monahan. We believe it is important to provide the most accurate public record possible regarding election cybersecurity.
The U.S. Department of Homeland Security (DHS) reported to Congress in June 2017 that 21 states were targeted during the 2016 election season. The 21 states were then notified by DHS in September 2017. This has been reported on numerous times over the past eight months. Please make no mistake, all 50 states consider themselves a target.
What DHS Cybersecurity Chief, Jeanette Manfra said was “we saw targeting of 21 states and an exceptionally small number of them were actually successfully penetrated.” NBC chose to interpret that statement to mean “several states” were successfully penetrated. We are still only aware of one state voter registration system that was penetrated and that office made a public statement at the time.
It is also important to note that some of the 21 states notified discovered it was not their election networks that were targeted or scanned, but other networks in the state and non-election related websites. To be clear, a scan is not a hack.
Former DHS Secretary Jeh Johnson went on to say, “2016 was a wake-up call and now it’s incumbent upon states and the Feds to do something about it before our democracy is attacked again.” In fact, state and local election officials have been working diligently on this issue since Mr. Johnson departed DHS over a year ago.
Under the critical infrastructure designation made by DHS in Jan. 2017, there is now an Election Infrastructure Government Coordinating Council (EIS-GCC) which includes federal, state and local government officials. We are diligently working on improved threat information sharing protocols and resources for state and local election officials. Through the EIS-GCC, a number of states have participated in a pilot program to share election-specific threat indicators. If the pilot is deemed successful, it will be approved for all states who choose to participate.
In addition, states have ramped up their cyber postures with penetration testing, risk and vulnerability assessments, tools from MS-ISAC, DHS, the private sector, the National Guard and universities. Secretaries are also working with their legislatures to secure more funding for improved cybersecurity.
As Ms. Manfra said, the states are all taking the issue of election cybersecurity very seriously. Make no mistake, election security is a top priority for Secretaries of State across the country. We ask that DHS and others help us rebuild voter confidence in our election systems by promoting these efforts and providing clear, accurate assessments.
# # #