The Homeland Security Department formed an election security task force last week to help shore up state and local voting infrastructure, a top official told lawmakers Tuesday.
That task force will draw resources and expertise from across the department, including Homeland Security’s intelligence and analysis division, acting undersecretary for the department’s cybersecurity and critical infrastructure division Christopher Krebs told members of a House Homeland Security panel on cybersecurity.
Previously, the department was running election security operations as a program inside its infrastructure protection division, Krebs said. The shift will make it easier to bring departmentwide resources to bear in protecting the 2018 congressional elections and various elections during 2017 and 2018, he said.
Krebs did not know offhand how much money the department is devoting to election security or how many full-time employees are working on the issue when asked by lawmakers.
The Obama administration designated election systems as critical infrastructure in the wake of Russian digital meddling in the 2016 presidential election, a move that made it easier for Homeland Security to commit resources to the problem but that caused tensions with state and local election officials.
More than nine months later, state election officials are still irked but ready to work with federal officials.
As a result, there’s been a surge in requests for Homeland Security cyber pros to test state and local voting machines and computer systems for cyber vulnerabilities, said Jeanette Manfra, assistant secretary in Homeland Security’s Office of Cybersecurity and Communications.
Manfra’s division is diverting resources from elsewhere to meet that demand, she said, but the surge has led to increased wait times.
Manfra did not have figures on how long state and local officials typically wait for that testing but did not dispute subcommittee ranking member Cedric Richmond, D-La., who said he’d heard it might be as long as nine months.
SEC Never Asked for Help
The Securities and Exchange Commission alerted Homeland Security about a 2016 data breach soon after they discovered it in November, but Homeland Security had “very limited involvement” after that because the financial trading agency never requested additional help investigating the breach or mitigating its impact, Manfra told lawmakers.
The department is reviewing the SEC breach and other government breaches, Manfra said. Homeland Security wants to ensure it’s involved in major breaches in the future even if the breached agency doesn’t formally request its help, she said.
“If we’re looking at specific critical services and functions, then the department needs to have a more active role in that response, regardless of whether the agency requests it,” she said.
Only two people’s personal information was compromised in the breach of SEC’s EDGAR online filing system, but hackers may have used the breach to profit by trading on non-public information.
Kaspersky Ban Based on Open Source Info
A Homeland Security directive banning software from the Russian antivirus company Kasperksy on U.S. government systems “was based on the totality of evidence including, for the most part, open source information,” Krebs told lawmakers.
That open source information likely includes news reports about ties between the company’s founder Eugene Kasperksy and other top executives and Russian intelligence agencies. Homeland Security did not immediately respond to a Nextgov request to clarify the comments.
Kaspersky has consistently denied that it helps the Russian government or any other government in its spying efforts and there is no public evidence to the contrary.
Open source is an intelligence term referring to information, such as news articles, that is in the public domain as opposed to secret intelligence, such as wiretaps or human intelligence from confidential informants.
Filling Out the Ranks
Homeland Security has filled just 76 percent of its cyber jobs, Manfra told lawmakers.
Manfra attributed the open positions primarily to the long process of securing top secret security clearances for new cyber staffers, which takes the department, on average, 224 days, she said.
“That sounds long, but…from the benchmark of the rest of the government we’re actually doing quite well,” she said.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
Another 9 percent of cyber staffers are in the hiring pipeline, Manfra said, and the “time to hire” cyber staffers dropped 10 percent between the 2016 and 2017 fiscal years.
What’s in a name?
Krebs thanked the committee for passing legislation that would reorganize Homeland Security’s cyber and infrastructure protection divisions and change the name of the division overseeing them from the National Protection and Programs Directorate to the Cybersecurity and Infrastructure Protection Agency.
That name change is more important than it might seem, Krebs said, describing a trip he took to hurricane-ravaged Puerto Rico last week with acting Homeland Security Secretary Elaine Duke.
During a meeting between Homeland Security divisions and Puerto Rican officials, Krebs said, he described NPPD’s work helping telecommunication providers set up temporary cell phone service across the island.
One of the Puerto Rican officials then went into a press conference where she described meeting with “FEMA, TSA, [the] Coast Guard and the comms guy,” he said.
“She didn’t know how to describe me,” he said. “When I’m out engaging my stakeholders, they don’t understand the mission I deliver.”