Governance & Risk Management , Incident & Breach Response , Managed Detection & Response (MDR)

New York Governor Orders Election System Risk Assessment

Also, Sen. Mark Warner Seeks State Election Hacking Details From DHS
New York Governor Orders Election System Risk Assessment
New York Gov. Andrew Cuomo

Concerns over Russian hacking of state election systems are mounting.

See Also: Cyber Insurance Assessment Readiness Checklist

In New York State, Gov. Andrew Cuomo has ordered a review of the Empire State's election-related security efforts. Meanwhile on Capitol Hill, Sen. Mark Warner, D-Virginia, the vice chairman of the Senate Select Committee on Intelligence, has asked the Department of Homeland Security to release more information about hack attacks targeting state elections.

At the Justice Department, a team headed by former FBI Director Robert Mueller is investigating alleged Russian attempt to influence the 2016 presidential election, in part via hacking and online propaganda, and any ties it might have to the campaign of Donald Trump. While there had been previous reports of Russian hackers attempting to infiltrate some states' election systems, Bloomberg News recently reported that in fact, 39 states were targeted (see Election Systems' Hacks Far Greater Than First Realized).

One thing that isn't clear is the extent to which hackers may have been amassing information on U.S. voters to attempt to sway opinions via online propaganda. In a related development, 198 million voter registration records maintained by a data analytics company aligned with the Republican Party, which attempted to predict which messages would most likely appeal to voters, were recently found to be exposed to the internet (see 198 Million US Voter Records Left Online For Two Weeks).

New York Intensifies Election Security

In New York, the state's Cybersecurity Advisory Board will collaborate with Department of Motor Vehicles, which provides a voter-registration service, and state Office of Information Technology Services as well as county election officials, to assess potential election-related risks and then develop recommendations for new information security measures to put in place, within three months.

No credible reports have surfaced of attacks or probes of New York's election systems but Cuomo says he wants the state to be prepared to defend against election-related hacking. "Recent reports of foreign hacking on the American electoral system are highly disturbing, and New York will do everything in its power to continue to secure our electoral system and protect the sanctity of our elections," Cuomo said. "In the absence of a concerted federal response, New York state is stepping up to ensure we are prepared for the serious cyber threats facing our electoral system."

Warner Demands Details

New York's governor isn't the only one demanding great action to fend off potential Russian hack attacks.

In a letter to DHS Secretary John Kelly, for example, Warner points out that DHS and the FBI have confirmed intrusions of voter registration databases in only two states - Arizona and Illinois - even though suspicious activity has occurred in a far greater number of states.

"Overall, the breadth and scope of the 2016 intrusion attempts underscore the intention of the Russian government to undermine confidence in our election systems," wrote Warner, who urges Kelly "to work closely with state and local election officials to disclose publicly which states were targeted, to ensure that they are fully aware of the threat and to make certain that their cyber defenses are able to neutralize this danger."

Warner adds: "We are not made safer by keeping the scope and breadth of these attacks secret."

DHS spokesman David Lapan did not respond to Warner's letter, saying the department does not comment on correspondence with the secretary. "We'll respond directly to the senator, as appropriate," Lapan says.

Senate Hearings Scheduled

Warner's letter was sent a day before the Senate Intelligence Committee scheduled a hearing, titled "U.S. Election Security: Russian Interventions and the Outlook for 2018 and Beyond." Warner says the hearing will focus on Russia's cyber-related efforts to disrupt U.S. election systems in 2016, American response efforts, potential threats to the 2018 and 2020 elections, and whether federal and state governments can defend against those threats.

Among the witnesses scheduled to testify are Jeanette Manfra, DHS acting deputy undersecretary for cybersecurity; Samuel Liles, DHS acting director of cyber intelligence and analysis; and Bill Priestap, FBI assistant director of counterintelligence. Other witnesses will include Indiana Secretary of State Connie Lawson, president-elect of the National Associations of Secretaries of State; Steve Sandvoss, executive director, Illinois State Board of Elections; Michael Haas, Midwest regional representative, National Association of State Election Directors; and J. Alex Halderman, computer science and engineer professor, University of Michigan.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.