U.S. Seeks to Protect Voting System From Cyberattacks

August 4, 2016
Julie Hirschfeld Davis for New York Times
news photo

WASHINGTON — The Obama administration is weighing new steps to bolster the security of the United States’ voting process against cyberthreats, including whether to designate the electronic ballot-casting system for November’s elections as “critical infrastructure,” Jeh Johnson, the secretary of Homeland Security, said on Wednesday.

In the wake of hacks that infiltrated Democratic campaign computer systems, Mr. Johnson said he was conducting high-level discussions about “election cybersecurity,” a vastly complex effort given that there are 9,000 jurisdictions in the United States that have a hand in carrying out the balloting, many of them with different ways of collecting, tallying and reporting votes.

“We should carefully consider whether our election system, our election process is critical infrastructure, like the financial sector, like the power grid,” Mr. Johnson told reporters in Washington. “There’s a vital national interest in our electoral process.”

A national commission created as part of a voting overhaul enacted in 2002 in response to the controversy surrounding the 2000 presidential election “raised the bar” on security, Mr. Johnson said. “But there is more to do,” he added. “The nature of cyberthreats has evolved.”

Mr. Johnson said he was considering communicating with state and local election officials across the country to inform them about “best practices” to guard against cyberintrusions, and that longer-term investments would probably have to be made to secure the voting process.

“There are various different points in the process that we have to be concerned about, so this is something that we are very focused on right at the moment,” Mr. Johnson said.

His comments were the latest evidence that recent cyberintrusions have caused alarm in the administration about the potential for hacking to disrupt the election, and how to respond.

The administration on Wednesday played down the dangers, saying voters should not worry about cyberattacks wreaking havoc with the election.

“There are risks out there,” said Josh Earnest, the press secretary. “But I think the American people can have quite a bit of confidence in our ability to mitigate those risks.”

Mr. Earnest said the administration was committed to offering support to state and local governments so they could protect the integrity of the voting process, but that given the varied practices and software used in different jurisdictions, there could be no single method for doing so.

“That varied infrastructure and those different systems also pose a difficult challenge to potential hackers,” Mr. Earnest added. “It’s difficult to identify a common vulnerability.”

The F.B.I. is investigating the hack of the Democratic National Committee, and Mr. Johnson said officials had yet to attribute it to a particular actor or actors. But private investigators have identified the suspects, and United States intelligence agencies have told the White House that they have “high confidence” that the Russian government was responsible.

Without commenting specifically on that breach, Mr. Johnson said it was vital for employers to emphasize to their employees the importance of not falling prey to “spear phishing,” in which a hacker, posing as a trusted source, sends a fake email in an attempt to compromise the security of a computer network.

“The most devastating, intrusive attacks by the most sophisticated actors often originate with a simple act of spear phishing,” Mr. Johnson said.

Even some of his own employees have been caught by such gimmicks, Mr. Johnson added. He said the Department of Homeland Security had run exercises in which employees receive an email offering free tickets to Washington Redskins football games if they click a link.

“They’re told to report at a certain time and place to pick up their free Redskins tickets,” Mr. Johnson said. “They get a cybersecurity lecture instead.”