Homeland Security Department cyber experts will be able to do on-the-ground vetting of election systems in all 50 states before the 2018 midterm elections if those states ask for it, department official Bob Kolasky said during an election security summit Wednesday.
The department has fully vetted election systems in three states so far and has 11 more scheduled before mid-April, said Kolasky, who’s the acting deputy undersecretary for Homeland Security’s cyber and infrastructure protection division.
After that, the department could conceivably fit in any more states that request on-site vetting before the November elections, he said.
“We want all the rest of the states to sign up,” Kolasky said during the Election Assistance Commission summit.
States had earlier complained that the wait for vetting was too long.
Voluntary on-site cybersecurity assessments are the most labor-intensive portion of Homeland Security’s efforts to improve election cybersecurity before the midterms. The department is also sharing more cyber threat information with states and providing top state election officials with security clearances so they can receive classified threat data.
The efforts all stem from Homeland Security’s January decision to label election systems critical infrastructure after Russian intelligence agencies probed systems in 21 states in advance of the 2016 presidential election.
The critical infrastructure designation makes it easier for Homeland Security to share resources with states. Many states were initially wary of the designation, however, because they considered it a federal power grab and thought Homeland Security officials weren’t cognizant enough of how differently elections were run in different states.
Many states remain wary of Homeland security’s assistance, Kolasky acknowledged Wednesday, but the department has steadily been building trust, he said.
“The feedback has been better with states we’ve done more with,” Kolasky said. “When you start to get past the politics and policies and into the security services, they’re finding value with that.”
Secretaries of state from Washington state and Rhode Island gave Homeland Security generally good marks on helping shore up their state election systems during a panel discussion earlier Wednesday.
“Our experience with our local team has been nothing but positive,” Washington’s Kim Wyman said, noting that she was initially concerned about the critical infrastructure designation.
“The depth of resources they have and the experience they have with cybersecurity are so far beyond what we had access to before,” Wyman said.
Homeland Security hopes to finalize this month or next a sector coordinating council that will include voting machine makers and other companies that work in the elections area, Kolasky said.
The department may also work to grant security clearances to officials at some voting machine companies so they can receive classified threat information that might affect their products, Kolasky told Nextgov after the event.
Such clearances are common for private-sector officials in critical infrastructure industries, he said.
The department already established a government coordinating council for elections that includes state and federal officials.