Six weeks after the U.S. Department of Homeland Security underscored the importance of election computers and physical systems by designating them “critical infrastructure,” a group representing the nation’s secretaries of state voted to oppose the federal appellation.
In its winter meeting, the National Association of Secretaries of State (NASS) adopted a resolution opposing the “critical infrastructure” designation by the U.S. Department of Homeland Security. The rebuke of the federal agency was partly due to concerns of overreaching by the federal government and because the agency had refused to provide adequate information on the impact that the designation would have on the states, according to Kay Stimson, spokeswoman for the National Association of Secretaries of State (NASS).
“We have members that feel that it is federal encroachment on state authority over elections,” she told eWEEK. “But we also have members that are deeply troubled by the fact that no written parameters were provided by the DHS, despite repeated requests since last August when we heard they were considering this designation.”
Following the 2016 presidential election and evidence that Russia conducted a variety of information operations against the United States—from hacking the email accounts of the Democratic National Committee and Hillary Clinton’s top advisor, to a variety of disinformation operations—security and policy experts have renewed their focus on the U.S. election system.
In January, the Department of Homeland Security and the Federal Bureau of Investigation issued a joint analysis detailing Russian operations, which the agencies dubbed “Grizzly Steppe.” A week later, Jehu Johnson, the secretary of the DHS at the time, designated elections systems as critical infrastructure to make “clear both domestically and internationally that election infrastructure enjoys all the benefits and protection” of the U.S. government.
Yet, states have reacted with muted enthusiasm for the designation. Article II of the U.S. Constitution give states broad powers to determine the manner in which they elect federal officials. Because elections are run by the states, however, there is no overall standard for securing elections.
The federal government through the Help America Vote Act (HAVA) and the Election Assistance Commission has supported the updating of state voting systems, but each state has taken its own path to modernize elections systems.
NASS has stressed that the current system of decentralized elections actually brings with it significant security benefits. The group argues that decentralization means that the voting process is difficult to disrupt.
In addition, election systems are, for the most part, disconnected from the Internet, removing one vector of attack. Finally, states rely on local participants to increase transparency in the system.
The group stressed that each state should approach security in its own way.
“The U.S. Department of Homeland Security has no authority to interfere with elections, even in the name of national security,” the group stated in its resolution. “Now therefore let it be resolved that that the National Association of Secretaries of State (NASS) opposes the designation of elections as critical infrastructure.”
NASS members also voted at its winter meeting to create an information-sharing organization—initially in the form of a task force—to exchange information on election cyber-security issues.
A final initiative that came from the meeting is a focus on business-identity theft issues. Currently, 83 percent of responding secretary of state’s offices do not track business-identity theft complaints, instead relying on police data. The association urged states to start collecting the information to develop a better understanding of the problem.