Security Clearances Won’t Get in the Way of Responding to Election Cyber Threats, Officials Say

A lack of security clearances among some state and local election officials shouldn’t hinder the Homeland Security Department from responding speedily to Election Day cybersecurity threats, the department’s top cyber official said Wednesday.

Even if state and local election officials don’t have the necessary authorizations to view a particular piece of threat information, Homeland Security Undersecretary Chris Krebs said he’s confident those officials will start trying to mitigate the threat if he asks them to.

“I’m confident that if I had a piece of information right now …I could say: ‘Look, I’ve got something you need to see. You need to take action. It’s going to take me a day or two to get you the information, but, in the meantime, you need to take action,” Krebs during an election readiness summit hosted by the Election Assistance Commission.

“We have trust established so there would be at least the beginning of an article of faith that they would do something,” he said.

Homeland Security has secured full clearances for 100 state and local officials so far, an official told Nextgov Wednesday. That’s a major jump from about 20 cleared officials in March.

The slow process on security clearances irked some lawmakers who worry about a repeat of 2016 when it took Homeland Security months to share information with some states about Russian efforts to probe their election systems.

Krebs described the popular focus on security clearances for state-level officials as a “distraction” Wednesday, saying there are a variety of methods for getting urgent information to officials without full security clearances.

“If I have to get a piece of information that … someone in the intelligence community gives me [to un-cleared officials], I’m going to get it there one way or another,” he said.

In addition to providing state officials with a recommended fix to a vulnerability but not the vulnerability itself, Krebs said he can authorize short-term clearances to state officials or work with the intelligence community to rapidly declassify a piece of information.

Krebs promised that state and federal information sharing about election threats is “well, well, well beyond where we were in 2016.”

Declassification is essentially a negotiation between Homeland Security and the intelligence community aimed at sharing as much information as possible without compromising intelligence sources and methods.

That process has become much faster in recent years, a Homeland Security official has said.

In the face of a significant threat to election security, the government should adopt a “real time, just get it done, we’ll worry about the consequences later” approach, said William Evanina, director of the National Counterintelligence and Security Center, who spoke on the panel with Krebs.  

“If there is a threat posed to your county … there should be no rationale for an inability for anyone to provide that to you now,” Evanina said.

Is China an election security threat?

Also during Wednesday’s discussion, Evanina described Chinese social media influence operations aimed at shifting American popular opinion. He declined to say whether those efforts were aimed at aiding specific politicians that support Chinese priorities or harming politicians that oppose them.

There’s no evidence yet of Chinese efforts to hack into U.S. election infrastructure, he said, backing up comments yesterday from Homeland Security Secretary Kirstjen Nielsen.

President Donald Trump claimed at a United Nations Security Council meeting last week that China “has been attempting to interfere in our upcoming 2018 election,” a claim that administration officials have not yet publicly backed up with evidence or details.  

The government has not seen a concerted effort from China or any other nation to undermine the 2018 election on the level that Russia attempted in 2016, officials have said.

Homeland Security, however, is preparing to defend against election meddling efforts that meet or even surpass the 2016 benchmark, Krebs said, noting that Russia and other U.S. adversaries have had two years to learn and improve since the last biennial election.

“We’re planning to a baseline of 2016 activity and then some,” Krebs said. “This is part of that skating to where the puck is.”