Delayed transition creates IT, cybersecurity risks for Biden team
Transition experts and former homeland security officials are warning of the potential IT risks associated with a delayed presidential transition, including insecure communication channels and increased cybersecurity vulnerabilities.
Most notably, President-elect Joe Biden’s team is still operating with a public .com domain for its website, rather than a more secure .gov domain. Since May 2017, new .gov federal executive branch domains have been automatically preloaded to a HTTP Strict Transport Security (HSTS) list. This ensures that browsers enforce a secure, private HTTPS connection to the website in question.
“It is kind of ironic that after all the complaining about Hillary Clinton using a private server to communicate on government business, the administration wouldn’t take the steps necessary to allow the president-elect and his team to have a government secure network for their government-related work,” former Secretary of Homeland Security Michael Chertoff said Friday during a panel discussion put on by the Miller Center, the Partnership for Public Service’s Center for Presidential Transition, and Citizens for a Strong Democracy.
The General Services Administration — the agency embroiled in controversy as Administrator Emily Murphy declines to ascertain Biden’s victory — oversees the .gov domain name registration services. GSA has not returned FedScoop’s requests for comment on why Biden’s transition website has not been allowed to register for a .gov domain, as transition teams in the past, including President Trump’s, were allowed to do.
“One would think that it would be in the United States’ interests to have them on a secure communications platform provided by the government under the Presidential Transition Act,” said David Marchick, the director of the Center for Presidential Transition.
Another IT consideration might come on Inauguration Day itself, as staffers log on to the White House system for the first time. Chertoff said he would be wary of vulnerabilities that creep into the network over the next two months as the current administration potentially lets their guard down out of “resentment or payback.”
“Frankly, if I was part of the incoming administration in cybersecurity, I would be very careful before people logged onto the White House to make sure I had done a very thorough scrub of what is lurking on the network,” he said.
Marchick said most career officials in Biden’s team are ready for the transition, even if it gets delayed further. Many members’ previous federal executive experience will be an advantage.
“They’re prepared,” he said. “Their briefing materials are set. All of their IT work is ready. They just need the green light to get going.”
