Georgia Secretary Of State Accuses DHS Of Breaching His Office's Firewall

The DHS finally got serious about protecting election infrastructure from hackers by appointing a bunch of career politicians to its "working group." With all this tech expertise on board, there could be little doubt the 2016 election would be the securest of all.

Following in the wake of Donald Trump's surprise electoral college victory came the news that President Obama wanted a full-scale investigation into alleged Russian hacking that may have affected the outcome of the election. Voting machines remained as insecure as ever though, and no one really seemed to have a problem with that.

The DHS -- caretakers of the non-hacked election -- did whatever the hell it was doing with a handful of Secretaries of State in charge. Presumably, this was limited to making a mockery of the term "paperless office." However, it appears it did actually do some sort of cybersecurity stuff. And, as it is prone to do, the federal government angered others by doing it. (via Slashdot)

Georgia's secretary of state has claimed the Department of Homeland Security tried to breach his office's firewall and has issued a letter to Homeland Security Secretary Jeh Johnson asking for an explanation.

Brian Kemp issued a letter to Johnson on Thursday after the state's third-party cybersecurity provider detected an IP address from the agency's Southwest D.C. office trying to penetrate the state's firewall. According to the letter, the attempt was unsuccessful.

Kemp is a member of the DHS's election security working group. He has also spent a fair amount of time issuing combative statements about the federal government's meddling in states' election processes.

Kemp reminds the DHS of his position on the task force in his letter [PDF] demanding answers for the unwanted intrusion.

At no time has my office agreed to or permitted DHS to conduct penetration testing or security scans of our network. Moreover, your Department has not contacted my office since this unsuccessful incident to alert us of any security event that would require testing or scanning of our network. This is especially odd and concerning since I serve on the Election Cyber Security Working Group that your office created.

[...]

Georgia was one of the only few states that did not seek DHS assistance with cyber hygiene scans or penetration testing before this year's election. We declined this assistance due to having already implemented the security measures suggested by DHS.

What more could one ask for? Kemp specifically told the DHS "no" and yet the federal agency apparently decided to push up against his office's protections without notification or permission.

Then again, Kemp has already made several comments expressing his displeasure with perceived federal government intrusions, so it's quite possible this is him making grandstands out of mole hills. The DHS, meanwhile, has promised to look into Kemp's allegations and get back to him.

If the DHS did ignore the wishes of two states which expressly told it to back off, that is a problem. A federal government can't ask states to partner up with it if it's just going to ignore those who decline the offer. It's the sort of "team building" exercise that's bound to fail, because while you're falling over backward on the office cafeteria floor, your federal partner is back inside the office trying to guess the admin account password.

Kemp may be right, but that doesn't make him much less of a blowhard. His objections to federal government intrusion have been mostly partisan attacks, rather than more neutral complaints.

It may be discovered at the end of the DHS's "looking into it" that it was just one of those things that happens when 48 states agree to have the election systems tested and only two don't. It could be the DHS's contractor ran down the list in alphabetical order, looking for state orifices to insert the fed's penetration tester into and simply failed to bypass Georgia.

Whatever the truth is, it's not a good look for the DHS or the federal government. Unfortunately, even if Georgia's direct request was ignored by the DHS, the most that will come out of this will be a rug to sweep everything under, embroidered with the words "issuing new guidelines."