Congressional watchdog slams Homeland Security over election security prep

Key Points
  • A leading federal watchdog agency has admonished the Department of Homeland Security for its lack of election security preparation, with the 2020 presidential primary season already underway.
  • In a letter Thursday, the Government Accountability Office said DHS' Cybersecurity Infrastructure Security Agency is behind on its plans for elections security, a mandate the agency took on in early 2017.
  • The recommendations are an alarming addition to uncertainty swirling around technology early in the campaign. An app failure plunged the Iowa caucuses into chaos earlier this week, and the results have not been fully tabulated.
Volunteers tally votes during the first-in-the-nation Iowa caucus at the Southridge Mall in Des Moines, Iowa, U.S., on Monday, Feb. 3, 2020.
Al Drago | Bloomberg | Getty Images

A leading federal watchdog agency has admonished the Department of Homeland Security for its lack of election security preparation, with the 2020 presidential primary season already underway.

In a letter Thursday, the Government Accountability Office, which reports to Congress, said DHS's Cybersecurity Infrastructure Security Agency, or CISA, is behind on its plans for elections security. CISA took on that mandate in early 2017, when election infrastructure was added to its list of "critical" industries with which it should coordinate a response to cyberattacks.

"Election primaries begin in February. However, CISA has not yet completed its strategic and operations plans to help state and local officials safeguard the 2020 elections or documented how it will address prior challenges," the GAO said.

The recommendations are an alarming addition to uncertainty swirling around technology early in the campaign. An application failure plunged the Iowa caucuses into chaos earlier this week, and the results have not been fully tabulated in a tight race between presidential contenders Sen. Bernie Sanders and Pete Buttigieg. Nevada Democrats announced they had scrapped plans to use a similar app for their caucus Feb. 22. The Democratic National Committee has since urged a possible re-canvass in Iowa.

Regarding its part in the primary, DHS said Democrats had declined the agency's offer to vet the app, a charge the Iowa Democratic Party has denied. It's unclear why review of a voting application was not a requirement for DHS, given its purview over election infrastructure security, which should include resiliency planning in the event of a tech breakdown.

DHS has said that it plans to have a full "#protect2020 Strategic Plan and 2020 Elections Security Operations Plan" soon, with detailed answers to the recommended changes by Feb. 14. The New Hampshire primary is scheduled for Tuesday, Feb. 11.

The GAO listed three recommendations for CISA:

  • Urgently finalize the strategic plan and the supporting operations plan for securing election infrastructure for the upcoming elections.
  • Ensure that the operations plan fully addresses all lines of effort in the strategic plan for securing election infrastructure for the upcoming elections.
  • Document how the agency intends to address challenges identified in its prior election assistance efforts and incorporate appropriate remedial actions into the agency's 2020 planning.

CISA has been attempting to partner with the secretaries of state and other election officials in all U.S. states and territories, to help share threat information in advance of the elections in those states.

"This whole-of-government effort to secure elections has been unprecedented. We appreciate GAO's recognition of these efforts," a CISA representative said. "Our work is not done, we continue to build and grow every day, but we understand the threat and the need to take action to keep our systems safe, and we are ready for 2020."

Yet CISA has met resistance in some jurisdictions that see the agency as a potential political rival rather than a neutral agency.

This has been a longtime challenge for DHS in both the public and private sectors, as it struggles to unite various factions from industries designated as "critical" — including banking, energy, water treatment and commercial facilities, among others.
