Kenneth Rapuano, assistant secretary of defense for homeland defense; Scott Smith, assistant director of the FBI's cyber division; and Christopher Krebs, acting undersecretary for the national protection and programs directorate at the Department of Homeland Security, testify before the Senate Armed Services Committee on Oct. 19, 2017. Screenshot photo.
US government officials from the FBI, the Department of Homeland Security, and the Department of Defense told the Senate Armed Services Committee Thursday they are preparing measures to protect upcoming US elections from cyber attack.
They called the task daunting, however, because elections are organized on a state and local level, and the federal government does not have a central organization to coordinate a national response to cyber attacks.
“We have structures in place,” said Christopher Krebs, acting undersecretary for the national protection and programs directorate at DHS, cautioning, “We are not going to flip a switch and suddenly be 100 percent secure.”
As a civilian agency, DHS currently takes the lead on preparing for and responding to cyber attacks against civilian infrastructure, and it should stay that way, Kenneth Rapuano, assistant secretary of defense for homeland defense, told the committee. He said the US has a “long-standing tradition of not using the military for civilian functions,” and that giving DOD more responsibility for cyber attacks on civilian elections infrastructure “risks diluting DOD focus on its core military mission to fight and win wars.”
Still, Rapuano said the National Guard has “trained cyber capable forces” throughout the US, “identifying vulnerabilities and mitigating those vulnerabilities” at the request of state governments. Some of these personnel are part of the DOD’s Cyber Mission Force, Rapuano said, whose 133 teams will “attain full operating capability in September of 2018.”
The FBI also has been continuously working on the problem since the 2016 election, said Scott Smith, assistant director of the Bureau’s cyber division. The FBI has “an election fusion cell” working “not only on what had transpired [in the 2016 election] and getting deeper on that,” he said, but “also working forward as to what may come towards us in the upcoming midterms.” Smith added “every field office has a designated election crimes coordinator” tasked with responding to state and local election issues.
Krebs said DHS has established “an election security task force” currently focused on “gubernatorial elections that are coming up in a matter of weeks.” The DHS task force has set up a “government coordinating council,” he said, able to “provide a foundation to coordinate security practices” across the 50 states. DHS is also “issuing security clearances to a number of elections officials” and working to stand up a “sector coordinating council” to involve companies that design and maintain state and local voting systems.
In terms of changes to the US cybersecurity posture, Krebs was most insistent on rechristening his organization. “I need a name change,” he told the Senators. “I need something that says ‘I do cybersecurity.’”