DHS's New Election Cybersecurity Committee Has No Cybersecurity Experts

from the prepare-to-be-memoed-at,-hackers dept

The National Association of Secretaries of State (NASS) [yes, there’s an association for everything] has just announced its selections to head up a DHS “working group” tackling “election infrastructure cybersecurity.” Like any committee formed in response to a hot-button topic, the appointees are better known for their years of tenure in government positions than their technical acumen, as the ACLU’s Chris Soghoian points out.

4 state gov officials, 0 tech experts, appointed to new DHS Election Infrastructure Cybersecurity Working Group.

About the only thing the appointees have going for them is that they fit the description: all four are state-level secretaries of state. Beyond that, there’s very little to indicate they’re qualified to take on cybersecurity issues.

The working group’s president, Denise Merrill, is Connecticut’s Secretary of State. At least her bio contains some initiatives loosely-related to the task at hand.

As Connecticut’s chief elections official and business registrar, Merrill has focused on modernizing Connecticut’s elections, business services and improving access to public records.

[…]

Secretary Merrill has worked to expand voter participation through Election Day and online voter registration. She has also improved Connecticut’s democratic accountability and integrity with a series of rapid response processes to Election Day problems.

Indiana’s Connie Lawson also appears focused on voter security, albeit in equally vague terms.

Connie Lawson is Indiana’s 61st Secretary of State. As Indiana’s Chief Elections Official, she is focused on ensuring the integrity and security for our state’s elections. Since taking office, Secretary Lawson has championed sweeping election reforms, and has led the effort to clean Indiana’s voter rolls.

[…]

Secretary Lawson is not just an advocate for election security. She is also working to modernize elections through vote centers. As a state Senator, Secretary Lawson authored legislation allowing any county in the state to move to the vote center model. As Secretary of State, she has worked to educate voters and elected officials on the cost saving benefits and convenience of the vote center model.

There’s not much to be said about the other appointees — Georgia’s Brian Kemp and California’s Alex Padilla — in terms of cybersecurity. However, there’s plenty to be said about safeguarding elections. Padilla has been sued twice over alleged election fraud. And Kemp’s office mistakenly released the personal information of six million registered voters.

But there’s one thing they can all agree on: there’s nothing to worry about.

From Connie Lawson’s home state:

Indiana’s voter system is safe from hackers according to the Indiana Election Division.

“We are confident that the security features of our statewide voter registration system protect against hacks described in the FBI alert sent last week,” says Angie Nussmeyer, co-director of the Indiana Election Division.

Working group president Denise Merrill on the possibility of election-related hacking in her state:

She explained that Connecticut has perhaps the most decentralized voting and registration system in the country with 169 cities and towns that act as their own districts. Built into that system is an entirely paper based trove of voter cards, ballots, and backups.

“When you go into vote and you go to register on the list, it’s all still on paper so there is no simple database that’s containing all of the information,” Merrill said.

From Alex Padilla’s office:

A spokesman for California secretary of state said the agency, which oversees elections statewide, was aware of the cyber attack reports.

“We have no evidence of any breaches or hacks of our system,” agency spokesman Sam Mahood said.

The best statement of self-assurance comes from appointee Brian Kemp, who just a few days earlier was claiming vote-hacking fears were an Obama-led attempt to federalize state voting.

The federal government wants to help states keep hackers from manipulating the November election, amid growing fears that the U.S. political system is vulnerable.

But Georgia’s top election official is balking at the offers of assistance — and accusing the Obama administration of using exaggerated warnings of cyberthreats to intrude on states’ authority.

[…]

“It seems like now it’s just the D.C. media and the bureaucrats, because of the DNC getting hacked — they now think our whole system is on the verge of disaster because some Russian’s going to tap into the voting system,” Kemp, a Republican, told POLITICO in an interview. “And that’s just not — I mean, anything is possible, but it is not probable at all, the way our systems are set up.”

It appears Kemp is worried more about preserving the integrity of his opposition status than he is about protecting the integrity of the presidential election. One day prior to the NASS press release, Kemp was claiming to have turned the position down.

Kemp recently declined an offer by the Department of Homeland Security for cyber security assistance, raising concerns about the federal government’s intrusion.

Fortunately, this lack of technical prowess won’t prevent the working group from achieving the DHS’s goal, which appears to have little to do with actual cybersecurity.

“Secretaries of State are committed to working with our federal partners to increase awareness of federal government cybersecurity resources and services that are available to election officials,” said NASS President Denise W. Merrill, Connecticut Secretary of the State. “We look forward to sharing state best practices and technical advice that will strengthen understanding and collaboration between state and federal agencies.”

“Increasing awareness” is one of those goals that sounds lofty, but generally materializes as mass emails and the occasional mandatory Powerpoint presentation most attendees will doze through. Every person listed here is a figurehead appointee to a figurehead working group — one likely formed in response to a similar, higher-level “increase awareness” mandate handed down by administration officials. The lack of tech experts isn’t going to cause much harm because the point of this committee is to be a committee. No one expects any sort of cybersecurity breakthroughs to be generated by something that will do little more one more line to these politicians’ bios.

Filed Under: , , , ,
Companies: nass

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “DHS's New Election Cybersecurity Committee Has No Cybersecurity Experts”

Subscribe: RSS Leave a comment
24 Comments
ECA (profile) says:

Pots and kettles..

BUT,
WHAT are they setup to do??
redo the election system?? dont think so..
3-4 people setup to do NOTHING..they have little to NO power, except to give suggestions INSIDE their own states..

If they would like abit of computer knowledge, Give me 2-5 hours…Or 2 years, to get basic knowledge and understanding into THEIR HEADS..

NO MATTER, what these fol;ks decide, it WONT happen, and wont change anything..
REALLY, if you want to..I would figure a few of us could Whip up a Good computer system to do the job in a few days..

That Anonymous Coward (profile) says:

It is brain trusts like this that lead to the magical thinking that someone can put a backdoor only the good guys can use in encryption.

Perhaps its time we express more outrage about wasting tax money on creating useless panels & demand better value for our dollars. But then we keep electing people who lie to our faces about representing us, while pocketing millions from ‘donors’ and cushy job placements in the future….

Anonymous Coward says:

NASS: We're looking into the problem...

The public: “Corrupt officials are the problem.”

NASS: “Oh, right, then we’ll look into that as well. Now if you’ll just slide that envelope into this desk drawer here…”

These guys can’t know what the problem is. Nobody does. We haven’t done that science yet:

The concern over vote corruption stems from the apparent decay of the role of the fourth estate. Similarly the trend towards greater use of strong cryptography is a response to intrusions into constitutionally protected communications. In both cases, fixing the latter minimizes the former.

But nobody has CLEAR evidence that these relationships even exist in a broad way, though anecdotal evidence suggests that they do. We suspect how bad it is, but nobody really knows. A means of measuring it has not yet been invented.

We can guess at the perverse intent coming out of the unholy trinity of cabal news. And we know that it is integrated with other facets of our communications (without consent) just based on frequency analysis.

What we don’t have is a way to collate and reverse engineer the collective effects of domestic propaganda. Which IMHO is achievable, but computationally speaking, a daunting prospect.

Clandestined approaches are likely effective in individual cases. But small truths are easily refuted by propaganda. Indeed that is the whole point. So this problem has to be revealed in a way that would be such a broad piece of work as to be irrefutable… The resources required would be immense.

My thoughts turn to John Nash and Aaron Schwarz.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...