FBI to inform election officials about hacking attempts

File this in the “What? They didn’t do this already?” pile: The FBI has announced that it will tell local election officials when hackers try to infiltrate their systems. Now, when state actors rattle the doors on election systems around the country, the people responsible for operating them will get to hear about it.

This year is shaping up to be the most challenging yet when it comes to election security. In 2020, cyberattacks against the US election will be more sophisticated than they were in the run-up to the 2016 vote. So said Shelby Pierson, the election security threats executive for the Office of the Director of National Intelligence, speaking at an Election Assistance Commission event earlier this month.

It’s probably a good idea, then, for the FBI to warn local and state election officials of hacking attempts, and last week, it announced just that.

For those of you wondering why the FBI wasn’t doing this already, the problem thus far has been the fragmented nature of the US election system. Each state has a chief official in charge of elections, but local governments and officials own and operate election systems on the ground.

Rolling out a new policy for communicating election cyber incidents, the FBI said:

The FBI’s interactions regarding election security matters must respect both state and local authorities. Thus, the FBI’s new policy mandates the notification of a chief state election official and local election officials of cyber threats to local election infrastructure.

The FBI’s announcement follows political pressure to be more forthcoming about election-related cyber threats. In July 2019, US Reps. Stephanie Murphy (D-Fla.) and Michael Waltz (R-Fla.) announced the bipartisan Achieving Lasting Electoral Reforms on Transparency and Security (ALERTS Act) to force the Department of Homeland Security to notify both state and local officials, along with members of Congress and possibly voters, of election system breaches.

The bill was a response to the hacking of computing networks of two Florida counties before the 2016 election. The news surfaced in the Mueller report about Russian election interference, but the Representatives weren’t briefed on it until they requested one from the FBI after seeing the report. Waltz called the FBI’s policy “inadequate and unacceptable” when launching the legislation.

The Florida hacks weren’t the only ones that Russia pulled off prior to the 2016 election. A Senate Intelligence Committee report released in July 2019 highlighted attempts in all 50 states, with intrusions in at least 21.

Latest Naked Security podcast