FBI to Alert States About Local Election System Hacks

Alexandru Nika/Shutterstock.com

Featured eBooks

Digital First
Cybersecurity & the Road Ahead
Emerging Technology Trends

The FBI changed its policy to allow agents to inform both state and local election officials when election systems are breached.

The Federal Bureau of Investigation announced Thursday it will begin informing state election officials when local election systems are hacked, a policy change intended to improve cybersecurity coordination and address concerns state leaders have raised about transparency.

More than 8,000 jurisdictions run elections in the United States, but state election officials often have a role in certifying election results. In the past, when the FBI has gotten involved in a local election system breach, it has not automatically reported its findings to state-level officials. But because of the dual role that state and local officials play in overseeing elections, the FBI said it will now report cyber intrusions to both levels of government.

The bureau was criticized in the wake of the 2016 presidential election, after it was disclosed that Russian military intelligence had infiltrated the election systems of two Florida counties. State officials said they didn’t know anything about the hacks. Gov. Ron DeSantis was later briefed on the matter, but not allowed to disclose which counties were affected.

The new FBI policy requires disclosures about cyber intrusions to be made to both state and local election officials as soon as possible and preferably in person, according to senior FBI and Department of Justice officials who briefed reporters on the policy change.

“When we think of who the victim is, there is a politically accountable official somewhere in that state who is going to have to sign off on certifying those results,” said a senior DOJ official, speaking on background about the new policy. “That person needs to have some insight into the potential threats that might undermine the integrity or perceived integrity of those results.”

The FBI does not intend to disclose information about specific cyber intrusions public, but officials said states may find it is in the public interest to do so themselves.

Election security has taken on increased urgency ahead of the 2020 presidential election­—particularly as the extent of Russian meddling in the 2016 election has come into focus. Federal officials previously acknowledged that Russian hackers targeted 21 state election systems ahead of the 2016 election. Russian hackers were also able to infiltrate the Illinois State Board of Elections and steal personal data of approximately 500,000 voters.

The National Association of Secretaries of State, which has worked to facilitate better coordination on election issues between federal, state and local governments, applauded the FBI’s policy change.

“We are pleased to see information sharing increase and evolve to meet the needs of election officials,” said NASS spokeswoman Maria Benson.

The Department of Homeland Security declared elections systems as critical infrastructure in 2017 and federal, state and local authorities have worked to boost election system security in the wake of the 2016 elections.