DHS's New Election Cybersecurity Committee Has No Cybersecurity Experts
from the prepare-to-be-memoed-at,-hackers dept
The National Association of Secretaries of State (NASS) [yes, there’s an association for everything] has just announced its selections to head up a DHS “working group” tackling “election infrastructure cybersecurity.” Like any committee formed in response to a hot-button topic, the appointees are better known for their years of tenure in government positions than their technical acumen, as the ACLU’s Chris Soghoian points out.
4 state gov officials, 0 tech experts, appointed to new DHS Election Infrastructure Cybersecurity Working Group. https://t.co/jKH3SScpd4
— Christopher Soghoian (@csoghoian) September 1, 2016
4 state gov officials, 0 tech experts, appointed to new DHS Election Infrastructure Cybersecurity Working Group.
About the only thing the appointees have going for them is that they fit the description: all four are state-level secretaries of state. Beyond that, there’s very little to indicate they’re qualified to take on cybersecurity issues.
The working group’s president, Denise Merrill, is Connecticut’s Secretary of State. At least her bio contains some initiatives loosely-related to the task at hand.
As Connecticut’s chief elections official and business registrar, Merrill has focused on modernizing Connecticut’s elections, business services and improving access to public records.
[…]
Secretary Merrill has worked to expand voter participation through Election Day and online voter registration. She has also improved Connecticut’s democratic accountability and integrity with a series of rapid response processes to Election Day problems.
Indiana’s Connie Lawson also appears focused on voter security, albeit in equally vague terms.
Connie Lawson is Indiana’s 61st Secretary of State. As Indiana’s Chief Elections Official, she is focused on ensuring the integrity and security for our state’s elections. Since taking office, Secretary Lawson has championed sweeping election reforms, and has led the effort to clean Indiana’s voter rolls.
[…]
Secretary Lawson is not just an advocate for election security. She is also working to modernize elections through vote centers. As a state Senator, Secretary Lawson authored legislation allowing any county in the state to move to the vote center model. As Secretary of State, she has worked to educate voters and elected officials on the cost saving benefits and convenience of the vote center model.
There’s not much to be said about the other appointees — Georgia’s Brian Kemp and California’s Alex Padilla — in terms of cybersecurity. However, there’s plenty to be said about safeguarding elections. Padilla has been sued twice over alleged election fraud. And Kemp’s office mistakenly released the personal information of six million registered voters.
But there’s one thing they can all agree on: there’s nothing to worry about.
From Connie Lawson’s home state:
Indiana’s voter system is safe from hackers according to the Indiana Election Division.
“We are confident that the security features of our statewide voter registration system protect against hacks described in the FBI alert sent last week,” says Angie Nussmeyer, co-director of the Indiana Election Division.
Working group president Denise Merrill on the possibility of election-related hacking in her state:
She explained that Connecticut has perhaps the most decentralized voting and registration system in the country with 169 cities and towns that act as their own districts. Built into that system is an entirely paper based trove of voter cards, ballots, and backups.
“When you go into vote and you go to register on the list, it’s all still on paper so there is no simple database that’s containing all of the information,” Merrill said.
From Alex Padilla’s office:
A spokesman for California secretary of state said the agency, which oversees elections statewide, was aware of the cyber attack reports.
“We have no evidence of any breaches or hacks of our system,” agency spokesman Sam Mahood said.
The best statement of self-assurance comes from appointee Brian Kemp, who just a few days earlier was claiming vote-hacking fears were an Obama-led attempt to federalize state voting.
The federal government wants to help states keep hackers from manipulating the November election, amid growing fears that the U.S. political system is vulnerable.
But Georgia’s top election official is balking at the offers of assistance — and accusing the Obama administration of using exaggerated warnings of cyberthreats to intrude on states’ authority.
[…]
“It seems like now it’s just the D.C. media and the bureaucrats, because of the DNC getting hacked — they now think our whole system is on the verge of disaster because some Russian’s going to tap into the voting system,” Kemp, a Republican, told POLITICO in an interview. “And that’s just not — I mean, anything is possible, but it is not probable at all, the way our systems are set up.”
It appears Kemp is worried more about preserving the integrity of his opposition status than he is about protecting the integrity of the presidential election. One day prior to the NASS press release, Kemp was claiming to have turned the position down.
Kemp recently declined an offer by the Department of Homeland Security for cyber security assistance, raising concerns about the federal government’s intrusion.
Fortunately, this lack of technical prowess won’t prevent the working group from achieving the DHS’s goal, which appears to have little to do with actual cybersecurity.
“Secretaries of State are committed to working with our federal partners to increase awareness of federal government cybersecurity resources and services that are available to election officials,” said NASS President Denise W. Merrill, Connecticut Secretary of the State. “We look forward to sharing state best practices and technical advice that will strengthen understanding and collaboration between state and federal agencies.”
“Increasing awareness” is one of those goals that sounds lofty, but generally materializes as mass emails and the occasional mandatory Powerpoint presentation most attendees will doze through. Every person listed here is a figurehead appointee to a figurehead working group — one likely formed in response to a similar, higher-level “increase awareness” mandate handed down by administration officials. The lack of tech experts isn’t going to cause much harm because the point of this committee is to be a committee. No one expects any sort of cybersecurity breakthroughs to be generated by something that will do little more one more line to these politicians’ bios.
Filed Under: cybersecurity, dhs, e-voting, election, secretaries of state
Companies: nass
Comments on “DHS's New Election Cybersecurity Committee Has No Cybersecurity Experts”
SOS Kemp
Kemp is not an appointee. He was elected statewide.
Re: SOS Kemp
Elected as Secretary of State — but appointed to the DHS’s Election Infrastructure Cybersecurity committee/working group.
Re: SOS Kemp
He was elected as Secretary, but appointed to the committee…
National Association of Secretaries of State
Dumb NASSes.
Run by the DHS huh?
Let me guess, do not bring nail clippers, liquids greater than 8 oz, or a sense of humor or you will be arrested and fined $10,000.
Disclaimer: You still may be searched, strip searched, or bodily cavity searched upon demand.
America, land of the fools that believe themselves to be free.
Just give the e-voting systems contract over to Apple to fix. Even the government has a tough time breaking into their devices.
So DHS is going to “secure” elections/voting the way they “secured” the airports, eh?
Will being crotch-groped is the new form of secure ID?
Re: Re:
Jesus I need an editor to fix my shit before I post.
…or maybe just to grab my crotch.
sharing ... "technical advice"
Looks like they consider themselves to be technical experts, even if they aren’t.
The theme of this year’s Awareness Fair is awareness.
It's the DHS
incompetence is not newsworthy. Competence would be.
It’s no surprise they are the lowest ranked cabinet position, behind even interior and veterans affairs.
Pots and kettles..
BUT,
WHAT are they setup to do??
redo the election system?? dont think so..
3-4 people setup to do NOTHING..they have little to NO power, except to give suggestions INSIDE their own states..
If they would like abit of computer knowledge, Give me 2-5 hours…Or 2 years, to get basic knowledge and understanding into THEIR HEADS..
NO MATTER, what these fol;ks decide, it WONT happen, and wont change anything..
REALLY, if you want to..I would figure a few of us could Whip up a Good computer system to do the job in a few days..
Re: WHAT are they setup to do?
Decide at which luxury resort or hotel they will hold their face to face meetings.
Of course not they would get in the way of the already established narrative with inconvienent truths and facts.
Consequences for Dozing Off
Good thing they don’t show these slides in NK. Dozing off gets a person a one way ticket to execution by anti-aircraft gun. (I assume the reason that that type of execution was chosen by Kim Jong-un was because he had just watched the movie The Jackal.)
It is brain trusts like this that lead to the magical thinking that someone can put a backdoor only the good guys can use in encryption.
Perhaps its time we express more outrage about wasting tax money on creating useless panels & demand better value for our dollars. But then we keep electing people who lie to our faces about representing us, while pocketing millions from ‘donors’ and cushy job placements in the future….
Secretary Lawson is not just an advocate for election security….
As Secretary of State, she has worked to educate voters.
Educate voters?
Excuse me, but when I vote I do it of my own volition, it’s my choice.
I do not require any “education”.
But thanks for the offer
Re: Re:
I think she’s the one that needs to be educated.
NASS: We're looking into the problem...
The public: “Corrupt officials are the problem.”
NASS: “Oh, right, then we’ll look into that as well. Now if you’ll just slide that envelope into this desk drawer here…”
These guys can’t know what the problem is. Nobody does. We haven’t done that science yet:
The concern over vote corruption stems from the apparent decay of the role of the fourth estate. Similarly the trend towards greater use of strong cryptography is a response to intrusions into constitutionally protected communications. In both cases, fixing the latter minimizes the former.
But nobody has CLEAR evidence that these relationships even exist in a broad way, though anecdotal evidence suggests that they do. We suspect how bad it is, but nobody really knows. A means of measuring it has not yet been invented.
We can guess at the perverse intent coming out of the unholy trinity of cabal news. And we know that it is integrated with other facets of our communications (without consent) just based on frequency analysis.
What we don’t have is a way to collate and reverse engineer the collective effects of domestic propaganda. Which IMHO is achievable, but computationally speaking, a daunting prospect.
Clandestined approaches are likely effective in individual cases. But small truths are easily refuted by propaganda. Indeed that is the whole point. So this problem has to be revealed in a way that would be such a broad piece of work as to be irrefutable… The resources required would be immense.
My thoughts turn to John Nash and Aaron Schwarz.
How to fix the election
Getting the DHS involved in this election process is the last desperate attempt to steal the election for Hillary to protect indictment from Trump
I’m just wondering how hard it would be for an unscrupulous tech worker to insert a virus to skew the numbers. I know what an obvious question. But it could be done.
Re: how hard
Don’t constrain yourself to the idea of a virus. The attack vectors are infinite. Voting system integrity is pretty much a science unto itself. Fortunately for the DNC it is an extremely underfunded science.
I think a Racial Equality Committee composed of only KKK members would at least be more honest than this. Certainly less biased and clueless.
God these people are dumb. There’s plenty cybersecurity professionals that would take the money to say whatever they want them to say, source: am a currently laid off cyber security professional
They could at least try is all I’m saying