DHS's New Election Cybersecurity Committee Has No Cybersecurity Experts

from the prepare-to-be-memoed-at,-hackers dept

The National Association of Secretaries of State (NASS) [yes, there's an association for everything] has just announced its selections to head up a DHS "working group" tackling "election infrastructure cybersecurity." Like any committee formed in response to a hot-button topic, the appointees are better known for their years of tenure in government positions than their technical acumen, as the ACLU's Chris Soghoian points out.

4 state gov officials, 0 tech experts, appointed to new DHS Election Infrastructure Cybersecurity Working Group.

About the only thing the appointees have going for them is that they fit the description: all four are state-level secretaries of state. Beyond that, there's very little to indicate they're qualified to take on cybersecurity issues.

The working group's president, Denise Merrill, is Connecticut's Secretary of State. At least her bio contains some initiatives loosely-related to the task at hand.

As Connecticut's chief elections official and business registrar, Merrill has focused on modernizing Connecticut's elections, business services and improving access to public records.

[...]

Secretary Merrill has worked to expand voter participation through Election Day and online voter registration. She has also improved Connecticut's democratic accountability and integrity with a series of rapid response processes to Election Day problems.

Indiana's Connie Lawson also appears focused on voter security, albeit in equally vague terms.

Connie Lawson is Indiana’s 61st Secretary of State. As Indiana’s Chief Elections Official, she is focused on ensuring the integrity and security for our state’s elections. Since taking office, Secretary Lawson has championed sweeping election reforms, and has led the effort to clean Indiana’s voter rolls.

[...]

Secretary Lawson is not just an advocate for election security. She is also working to modernize elections through vote centers. As a state Senator, Secretary Lawson authored legislation allowing any county in the state to move to the vote center model. As Secretary of State, she has worked to educate voters and elected officials on the cost saving benefits and convenience of the vote center model.

There's not much to be said about the other appointees -- Georgia's Brian Kemp and California's Alex Padilla -- in terms of cybersecurity. However, there's plenty to be said about safeguarding elections. Padilla has been sued twice over alleged election fraud. And Kemp's office mistakenly released the personal information of six million registered voters.

But there's one thing they can all agree on: there's nothing to worry about.

From Connie Lawson's home state:

Indiana's voter system is safe from hackers according to the Indiana Election Division.

“We are confident that the security features of our statewide voter registration system protect against hacks described in the FBI alert sent last week,” says Angie Nussmeyer, co-director of the Indiana Election Division.

Working group president Denise Merrill on the possibility of election-related hacking in her state:

She explained that Connecticut has perhaps the most decentralized voting and registration system in the country with 169 cities and towns that act as their own districts. Built into that system is an entirely paper based trove of voter cards, ballots, and backups.

“When you go into vote and you go to register on the list, it’s all still on paper so there is no simple database that’s containing all of the information," Merrill said.

From Alex Padilla's office:

A spokesman for California secretary of state said the agency, which oversees elections statewide, was aware of the cyber attack reports.

"We have no evidence of any breaches or hacks of our system,” agency spokesman Sam Mahood said.

The best statement of self-assurance comes from appointee Brian Kemp, who just a few days earlier was claiming vote-hacking fears were an Obama-led attempt to federalize state voting.

The federal government wants to help states keep hackers from manipulating the November election, amid growing fears that the U.S. political system is vulnerable.

But Georgia’s top election official is balking at the offers of assistance — and accusing the Obama administration of using exaggerated warnings of cyberthreats to intrude on states’ authority.

[...]

“It seems like now it’s just the D.C. media and the bureaucrats, because of the DNC getting hacked — they now think our whole system is on the verge of disaster because some Russian’s going to tap into the voting system,” Kemp, a Republican, told POLITICO in an interview. “And that’s just not — I mean, anything is possible, but it is not probable at all, the way our systems are set up.”

It appears Kemp is worried more about preserving the integrity of his opposition status than he is about protecting the integrity of the presidential election. One day prior to the NASS press release, Kemp was claiming to have turned the position down.

Kemp recently declined an offer by the Department of Homeland Security for cyber security assistance, raising concerns about the federal government’s intrusion.

Fortunately, this lack of technical prowess won't prevent the working group from achieving the DHS's goal, which appears to have little to do with actual cybersecurity.

"Secretaries of State are committed to working with our federal partners to increase awareness of federal government cybersecurity resources and services that are available to election officials," said NASS President Denise W. Merrill, Connecticut Secretary of the State. "We look forward to sharing state best practices and technical advice that will strengthen understanding and collaboration between state and federal agencies."

"Increasing awareness" is one of those goals that sounds lofty, but generally materializes as mass emails and the occasional mandatory Powerpoint presentation most attendees will doze through. Every person listed here is a figurehead appointee to a figurehead working group -- one likely formed in response to a similar, higher-level "increase awareness" mandate handed down by administration officials. The lack of tech experts isn't going to cause much harm because the point of this committee is to be a committee. No one expects any sort of cybersecurity breakthroughs to be generated by something that will do little more one more line to these politicians' bios.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Security_Geek (profile), 2 Sep 2016 @ 10:45am

    SOS Kemp

    Kemp is not an appointee. He was elected statewide.

    reply to this | link to this | view in chronology ]

  • icon
    Disturbed (profile), 2 Sep 2016 @ 10:56am

    National Association of Secretaries of State

    Dumb NASSes.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Sep 2016 @ 11:09am

    Run by the DHS huh?

    Let me guess, do not bring nail clippers, liquids greater than 8 oz, or a sense of humor or you will be arrested and fined $10,000.

    Disclaimer: You still may be searched, strip searched, or bodily cavity searched upon demand.

    America, land of the fools that believe themselves to be free.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 2 Sep 2016 @ 11:12am

    Just give the e-voting systems contract over to Apple to fix. Even the government has a tough time breaking into their devices.

    reply to this | link to this | view in chronology ]

  • icon
    dfed (profile), 2 Sep 2016 @ 11:26am

    So DHS is going to "secure" elections/voting the way they "secured" the airports, eh?

    Will being crotch-groped is the new form of secure ID?

    reply to this | link to this | view in chronology ]

  • identicon
    min, 2 Sep 2016 @ 11:35am

    sharing ... "technical advice"

    Looks like they consider themselves to be technical experts, even if they aren't.

    reply to this | link to this | view in chronology ]

  • identicon
    Thad, 2 Sep 2016 @ 11:59am

    The theme of this year's Awareness Fair is awareness.

    reply to this | link to this | view in chronology ]

  • icon
    DV Henkel-Wallace (profile), 2 Sep 2016 @ 1:00pm

    It's the DHS

    incompetence is not newsworthy. Competence would be.

    It's no surprise they are the lowest ranked cabinet position, behind even interior and veterans affairs.

    reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 2 Sep 2016 @ 1:12pm

    Pots and kettles..

    BUT,
    WHAT are they setup to do??
    redo the election system?? dont think so..
    3-4 people setup to do NOTHING..they have little to NO power, except to give suggestions INSIDE their own states..

    If they would like abit of computer knowledge, Give me 2-5 hours...Or 2 years, to get basic knowledge and understanding into THEIR HEADS..

    NO MATTER, what these fol;ks decide, it WONT happen, and wont change anything..
    REALLY, if you want to..I would figure a few of us could Whip up a Good computer system to do the job in a few days..

    reply to this | link to this | view in chronology ]

  • icon
    Padpaw (profile), 2 Sep 2016 @ 2:02pm

    Of course not they would get in the way of the already established narrative with inconvienent truths and facts.

    reply to this | link to this | view in chronology ]

  • icon
    Pronounce (profile), 2 Sep 2016 @ 2:34pm

    Consequences for Dozing Off

    Good thing they don't show these slides in NK. Dozing off gets a person a one way ticket to execution by anti-aircraft gun. (I assume the reason that that type of execution was chosen by Kim Jong-un was because he had just watched the movie The Jackal.)

    reply to this | link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 2 Sep 2016 @ 3:54pm

    It is brain trusts like this that lead to the magical thinking that someone can put a backdoor only the good guys can use in encryption.

    Perhaps its time we express more outrage about wasting tax money on creating useless panels & demand better value for our dollars. But then we keep electing people who lie to our faces about representing us, while pocketing millions from 'donors' and cushy job placements in the future....

    reply to this | link to this | view in chronology ]

  • icon
    Arioch (profile), 2 Sep 2016 @ 8:15pm

    Secretary Lawson is not just an advocate for election security....
    As Secretary of State, she has worked to educate voters.

    Educate voters?

    Excuse me, but when I vote I do it of my own volition, it's my choice.
    I do not require any "education".

    But thanks for the offer

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 3 Sep 2016 @ 8:02am

    NASS: We're looking into the problem...

    The public: "Corrupt officials are the problem."

    NASS: "Oh, right, then we'll look into that as well. Now if you'll just slide that envelope into this desk drawer here..."

    These guys can't know what the problem is. Nobody does. We haven't done that science yet:

    The concern over vote corruption stems from the apparent decay of the role of the fourth estate. Similarly the trend towards greater use of strong cryptography is a response to intrusions into constitutionally protected communications. In both cases, fixing the latter minimizes the former.

    But nobody has CLEAR evidence that these relationships even exist in a broad way, though anecdotal evidence suggests that they do. We suspect how bad it is, but nobody really knows. A means of measuring it has not yet been invented.

    We can guess at the perverse intent coming out of the unholy trinity of cabal news. And we know that it is integrated with other facets of our communications (without consent) just based on frequency analysis.

    What we don't have is a way to collate and reverse engineer the collective effects of domestic propaganda. Which IMHO is achievable, but computationally speaking, a daunting prospect.

    Clandestined approaches are likely effective in individual cases. But small truths are easily refuted by propaganda. Indeed that is the whole point. So this problem has to be revealed in a way that would be such a broad piece of work as to be irrefutable... The resources required would be immense.

    My thoughts turn to John Nash and Aaron Schwarz.

    reply to this | link to this | view in chronology ]

  • identicon
    bernie Tang, 4 Sep 2016 @ 9:52am

    How to fix the election

    Getting the DHS involved in this election process is the last desperate attempt to steal the election for Hillary to protect indictment from Trump

    reply to this | link to this | view in chronology ]

  • icon
    Tardalova (profile), 4 Sep 2016 @ 1:22pm

    I'm just wondering how hard it would be for an unscrupulous tech worker to insert a virus to skew the numbers. I know what an obvious question. But it could be done.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 5 Sep 2016 @ 7:41am

      Re: how hard

      Don't constrain yourself to the idea of a virus. The attack vectors are infinite. Voting system integrity is pretty much a science unto itself. Fortunately for the DNC it is an extremely underfunded science.

      reply to this | link to this | view in chronology ]

  • icon
    Ninja (profile), 5 Sep 2016 @ 6:51am

    I think a Racial Equality Committee composed of only KKK members would at least be more honest than this. Certainly less biased and clueless.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 5 Sep 2016 @ 1:48pm

    God these people are dumb. There's plenty cybersecurity professionals that would take the money to say whatever they want them to say, source: am a currently laid off cyber security professional

    They could at least try is all I'm saying

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.