Senator Tom Carper (D-Del.), ranking member of the Senate Committee on Homeland Security and Governmental Affairs, today wrote Department of Homeland Security (DHS) Secretary Jeh Johnson “regarding the potential of cyber security vulnerabilities in voting machines and other information technology utilized in election systems across the United States.”
“I write today regarding the recent cyberattacks on American political organizations and the potential vulnerability of election systems and voting machines in the United States to similar attacks,” Carper told Johnson.
“Election security is critical, and a cyberattack by foreign actors on our election systems could compromise the integrity of our voting process,” Carper wrote, noting, “The American public should have confidence in our current election systems and the efforts of state and local governments that have made the risk of voter fraud and a successful cyberattack remote. At the same time, the federal government can play a supporting role in helping address the potential for these types of attacks. Designating election systems as critical infrastructure could improve and expand our nation’s ability to prevent and to respond to potential cyberattacks originating both from inside or outside our borders. As such, I commend your efforts to carefully consider this issue and urge you to make this determination as quickly as is feasible.”
Carper told Johnson, “As you are aware, recent reports indicate the Russian Federal Security Service and Russian military intelligence may have been involved in the recent cyberattacks against the Democratic National Committee and the Democratic Congressional Campaign Committee. If these reports are accurate, such an intrusion raises concerns about the ability of foreign actors to interfere in the American political process during the upcoming election, including through cyberattacks targeting electronic voting machines or the information technology of state and local election officials.”
Carper noted that Johnson recently “indicated that DHS is considering whether to designate election systems in the United States as critical infrastructure. While I am not aware that DHS has publically identified a specific or current cyberthreat related to election systems, concerns regarding the security of election-related information technology have persisted for some time.”
“As far backas 2004,” Carper told Johnson, “the United States Computer Emergency Readiness Team identified vulnerabilities in voting machines that would allow malicious actors to modify vote totals. Other entities, including the Argonne National Laboratory and the Virginia State Board of Elections, have identified issues that left certain electronic voting machines vulnerable to physical or wireless intrusion without detection. Additionally, the CIA has reportedly monitored foreign countries’ use of electronic voting systems and identified attempts to manipulate election outcomes in those countries.”
Carper reminded Johnson that he’d “indicated DHS is considering communicating with state and local election officials to inform them of best practices to guard against cyber intrusions related to electronic voting machines. As the federal agency that has expertise to assist state and local governments with cyberthreats, I encourage you to move quickly to provide appropriate technical assistance and any other support to state and local jurisdictions that request assistance with the cybersecurity of their election systems. I also ask that you coordinate your efforts with the National Institute of Standards and Technology, the Election Assistance Commission and other relevant agencies involved with the security of election systems.”