The Department of Homeland Security will not classify election systems as critical infrastructure before the November presidential election, DHS Assistant Secretary for Cybersecurity Andy Ozment said at the Billington Cybersecurity Summit Tuesday.
“This is not something we’re looking to in the near future. This is a conversation we’re having in the long term with state and local government, who are responsible for voting infrastructure,” said Ozment, a former senior director for cybersecurity on the National Security Council. “We’re focused right now on what we can usefully offer that local and state government will find valuable.”
“From our perspective, it gives us more ability to help,” he said of a critical infrastructure designation. “It does not put DHS in charge.”
“To some degree this question of ‘is it critical infrastructure or not’ is a distraction from the important thing, which is that everybody needs to help each other out,” he added.
A reclassification move — which would enable increased resources to protect political elections from hackers, and give DHS additional authorities — is something officials have discussed, but they are still weighing their options, said Ozment.
In recent months, legal professionals, several lawmakers and a cohort of state government officials have argued that federal agencies have no part to play in an electoral process for which local authorities have always been responsible. Georgia Secretary of State Brian Kemp, for example, has strongly objected to any DHS involvement — going so far as to publicly accuse President Barack Obama’s administration of exaggerating the threat of cyber attacks in order to step on local and state governments’ traditional jurisdiction.
“The way we classify critical infrastructure in the future must be largely determined by the development of technology,” said Karen Evans, co-chair of the CSIS Taskforce on Cybersecurity, during a panel discussion at the Billington Cybersecurity Summit.
Earlier this month, FBI Director James Comey said that he believed America’s election systems were largely insulated from cyber attacks due the inherently antiquated technology used in disconnected voting machines. Some cybersecurity experts are worried, however, given the availability of paperless ballot options, among other things, which rely on digital systems to record, transport and store election information.
Previously, Homeland Security Secretary Jeh Johnson said that the department was considering redefining voting systems as a “critical infrastructure” sector and that he took seriously threats to degrade the integrity of the country’s elections, especially that of the upcoming presidential election. In a later letter to state and local election officials, Johnson reiterated an offer of support but desisted from discussing the potential for classifying election systems as critical infrastructure.
“There are services we can offer by way of vulnerability to detection, incident response, we’re in a general environment where there’s an increasing level of sophistication by cyber attackers,” Johnson said during a televised interview with MSNBC’s Andrea Mitchell. “Across the spectrum, whether it’s nation-state actors, plain criminals, hacktivists, and so we want to inform state election officials of what we see on a national level as best practices, and we’re doing that right now.”