The Department of Homeland Security is upping its game to help state and local officials with strengthening the security of their election systems through the creation of a new task force, according to a senior department official.
Last week the DHS National Protection and Programs Directorate established an election task force that includes members from the different departments components, including the Office of Intelligence and Analysis, to work with state and local governments to help them protect their election systems, Christopher Krebs, the acting undersecretary of the NPPD, on Tuesday told the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection.
Prior to the creation of the task force, the Office of Infrastructure Protection within NPPD was in charge of working with state and local governments to provide any help they needed with their election systems. Krebs said that elevating this role to a task force is comes down to “matching my words with our execution,” adding that the entity is being resourced “appropriately.”
“We’re pulling the resources together in recognition that we don’t have a lot of time, given there are three elections this year,” he said.
Concerns over the integrity of elections systems, which are managed by state and local officials, spiked after the U.S. intelligence community pointed to Russian interference in the 2016 presidential elections and subsequent disclosures by DHS that the Russians attempted to hack election systems in a number of U.S. states prior to election day last November.
After Tuesday’s hearing, a DHS official told Defense Daily via email that the new task force “will improve our coordination with and support to our stakeholders, including state and local governments running the nation’s election systems. It will focus efforts on improving communication with state election officials in order to help states strengthen their election infrastructure.”
After the elections and shortly before former President Barack Obama’s term ended in January, his homeland security chief, Jeh Johnson, designated the nation’s election systems as critical infrastructure. Keenly aware that state and local officials were concerned about a federal takeover of their election systems, Johnson said that DHS wouldn’t be regulating or overseeing elections but instead would allow his department to prioritize help with cyber security capabilities if the state and local officials want it.
The Trump administration has kept the designation intact. Krebs said that DHS has not had relationships with state and local election officials but that it needs to “develop partnerships” with states that are stronger. Currently, DHS has partnerships with state chief information officers and chief information security officers but needs to expand these relationships to election officials.
Krebs said it will “take a lot of effort and a little bit of time” to establish these new relationships.
In his opening remarks, Rep. Cedric Richmond (D-La.), ranking member of the subcommittee, said that it taking DHS nine months from the time it receives a request for a risk and vulnerability assessment from state election officials until delivering. He also said state official are complaining that it is taking too long to complete the security clearance process for election officials.
Jeanette Manfra, assistant secretary for Cybersecurity and Communications within NPPD, later in the hearing said the reason for the delays in providing cyber risk and vulnerability assessments to state and local election system is the “high demand” for her office’s services. These services include penetration testing, cyber hygiene scans, and in-depth risk and vulnerability assessments, she said.
DHS is “growing” its program to help state election officials and “diverting resources” as well, Manfra said. These services are also provided to federal, state and local governments, as well as critical infrastructures, all of which are seeking help, she said.