More states say DHS scanned election systems

Officials from two more states have reported their election systems experienced unauthorized Department of Homeland Security cyberscans in the run-up to the presidential election, or in the days immediately after.

The State of Indiana's Information Sharing and Analysis Center reported that over 10,000 individual hits on its systems originated from a handful of DHS IP addresses. According to a January IN-ISAC report provided to FCW by the Indiana Secretary of State's office on Feb. 23, those same IP addresses were associated with a similar unauthorized scan of the State of Georgia's election systems in the fall of 2016 and early 2017.

The IN-ISAC report said its assessment of traffic to and from its systems between Nov. 15, 2016, and Jan. 24, 2017, found "with a high degree of certainty" that the unauthorized scans originated at DHS IP addresses. It said it confirmed the IP addresses were owned by DHS through a "WhoIS" search.

The report said a total of 10,184 unique connections from the IP addresses created over one billion network events during the time period. A total of 45 unique State of Indiana public-facing IPs were scanned from the nine DHS IP addresses.

The report all but ruled out web profiling done by authorized multi-state ISACs or other authorized network and penetration testing. It said it had not requested or provided consent for services from the National Cybersecurity Assessment & Technical Services or any other penetration testing services offered by any US-DHS component.

Georgia's Secretary of State Brian Kemp complained about the activity on his systems to DHS in a letter, which led to a House Oversight inquiry to DHS about the issue.

After reports surfaced in December about Georgia, DHS said it traced the attempt outlined in Kemp's letter to the agency back to a contractor working at the Federal Law Enforcement Training Center in Glynco, Ga. The firm said it was verifying licenses for prospective armed guards for the facility, a service that the Secretary of State's website provides.

As the report from the IN-ISAC emerged publicly, Idaho Secretary of State Lawerence Denney told a local newspaper on Feb. 14 that his state's public election website had experienced similar unauthorized DHS during the same period.

Some states have become vocal opponents of DHS' designation of their election systems as critical infrastructure worthy of the same federal protections as crucial industries such as energy and financial systems.