The latest test for the once-fraught working relationship between the federal government and state election officials came Jan. 2 when a U.S. drone strike killed Iranian Maj. Gen. Qassem Soleimani, stoking fears about a potential cyber response from Iran.
Within 24 hours, leaders from the Department of Homeland Security’s critical infrastructure protection agency were on the phone with the state leaders, discussing Iranian threats with election officials and those who oversee critical infrastructure.
Mac Warner, the Republican secretary of state of West Virginia, said feds warned that Iranian actors may already be inside their systems but hadn’t yet engaged in malicious activity.
“I really hadn’t thought through that,” Warner told Fifth Domain. “We were watching just for somebody to get inside, but what if they were already inside and I didn’t know it?”
That call, which was announced on short notice on a Friday evening, had 1,700 dial-ins, according to Chris Krebs, the director of DHS’ critical infrastructure team, the Cybersecurity and Infrastructure Security Agency. A similar meeting the following week had 5,900 dial-ins, Krebs told the U.S. Conference of Mayors Jan. 22.
For Warner, the call demonstrated a shift in the dynamics between states and the federal government following the 2016 election. It’s an example of “what’s happening and working now that we didn’t have in place three years ago,” he said.
In interviews with Fifth Domain, several state secretaries of state lauded the closer relationship — an improvement from a few years ago when some secretaries accused DHS of trying to hack their election systems.
Now, with the presidential nominating process officially underway and less than about 10 months until the general election, these officials hope the progress made will be enough to secure election infrastructure from adversaries aiming to cast doubt on American elections.
“We really appreciate our federal partners ... and want to continue to see this relationship grow,” said Mark Neary, assistant secretary of state in Washington. “I feel like we are doing a much better job of being proactive to potential risks that are out there as opposed to having to react to those things.”
Federal leaders and state officials have worked to balance the transparency with which state officials approach elections and the classified nature of the work done by DHS, FBI and the intelligence community.
“It’s been really difficult to bring those two cultures together. I don’t want to say we’re there, but I think we’re very much in [more] communication than we have been,” said Denise Merrill, the Democratic secretary of state of Connecticut.
For the last year, civilian, defense and intelligence officials have warned that election interference campaigns will come from more adversaries than just Russia. What resulted from the 2016 Russian interference campaign was a sudden need for state and federal officials to communicate on threats to prepare for future elections.
“There was no need to have these relationships until four years ago,” said Al Jaeger, the independent secretary of state of North Dakota, who has served in the position since 1993.
Secretaries interviewed for this story said that in 2016, state election officials were suspicious of the federal officials and said it was clear that federal officials didn’t know how state elections worked.
Since then, the federal government leaders, especially those at CISA, have concentrated on reaching out to state and local election officials.
“As we’ve built those relationships and we know who to call or who to send a text to, things have gotten better and better,” said Ohio Secretary of State Frank LaRose, a Republican, who took office in January 2019. He later added that he’s “fully embraced” the assistance of federal partners.
Although DHS has had a significant amount of turnover among its leadership during the Trump administration, the election security team at CISA has been steady since 2017. State officials praised the work of CISA’s senior cybersecurity adviser Matthew Masterson, who focuses on election security, and Krebs, the CISA director.
But work remains. Warner told Fifth Domain the federal government needs to provide states with more specific information about the details of hacks or attempted hacks. As an example, he said, notifying states that a county was a victim of a ransomware attack wasn’t enough. State officials need to know how it happened, such as through a phishing email on a personal account.
“I need enough specifics so that then I can relate and [ask] ‘do I have that situation in my counties? Do I need to warn people?'” Warner said. “We’re still improving that information flow. We need more of that Soleimani-type examples where they get on the phone and tell us. So they’re a whole lot better, but they can do more.”
There was also high-profile miscommunication this week between DHS and Iowa after troubles with a voting app used in the state’s caucus led to delays in tallying the results and was later found to have significant vulnerabilities. DHS Secretary Chad Wolf said the department offered to test the app, but the Iowa Democratic Party refused — an allegation that Troy Price, IDP chairman, disputed. A DHS official told Politico that the app was part of a broader preparation exercise, so "it’s not like they flat out said, ‘We don’t want this.’”
As for the information sharing between states and feds, a lack of specifics has long been a problem, as was detailed in the first volume of the Senate Select Committee on Intelligence report on the 2016 election. The report highlights several complaints from the states in which the feds would send out notifications about cyberthreats without proper context or wouldn’t send information to all the proper election leaders.
It also outlines how DHS didn’t “ascribe any additional urgency” to a threat notification sent out in October 2016 to state IT directors, “very few” of whom reported the notification to election officials. For example, leaders from what’s identified only as “state 11” met with DHS in August 2016 and reported to the committee that DHS hadn’t indicated any nation-state threats to the election system. This was despite a FBI warning about threats that same month. The report noted that state leaders thought the warning was an “insignificant event.”
In many cases, state officials didn’t know who to talk to at the federal level, but with the improved information sharing since 2016, several secretaries said they have greater confidence for the 2020 election season.
In 2016, “we didn’t know who our contacts were that would allow us to gain access to information or even be told ‘no, you can’t have access to that because you don’t have a need to know,’” said John Merrill, the Republican secretary of state of Alabama since 2015. “That is a concern that I think has been meted.”
Access to information
In 2017, in response to the complaints about access to cyberthreats against their election systems, DHS granted chief state election officials Secret security clearances. That decision increased the amount of threat information that election officials could access.
Then, in the fiscal 2020 defense policy bill passed in December, Congress directed the Office of the Director of National Intelligence and DHS’ Under Secretary of Homeland Security for Intelligence and Analysis to clear the way for states’ “chief election official” to gain Top Secret clearances.
Congress gave the agency until Jan. 19 to start giving top election officials access to a higher level of threat information. Several secretaries were unaware that they were eligible for Top Secret clearances or had heard about the change but hadn’t received paperwork. No election officials told Fifth Domain they had asked for more information about threats but were denied access because of their level of clearance.
An ODNI spokesperson said the office “fully supports” DHS and referred specific implementation questions to DHS.
“Consistent with current DHS practice, we have worked to clear election officials in every state," a CISA spokesperson said. "We also work with ODNI to provide one-day read ins as necessary to brief election officials on classified topics. Under the NDAA we will continue to move forward with this process.”
CISA has also improved its relationship with states by offering several free services, such as testing for vulnerabilities and providing intrusion detection systems, known as Albert sensors, to all 50 states. All told, the two sides understand each other better than they did in 2016. A Government Accountability Office report from Feb. 6 found that officials in seven of eight states interviewed were “very satisfied” by CISA’s election efforts.
That report made three recommendations for DHS leaders: finalize its strategic plan and support operations for secure election infrastructure, ensure that the operations address all lines of efforts in the plan and document how the agency will address previously identified challenges from past election efforts.
Andrew Eversden covers all things defense technology for C4ISRNET. He previously reported on federal IT and cybersecurity for Federal Times and Fifth Domain, and worked as a congressional reporting fellow for the Texas Tribune. He was also a Washington intern for the Durango Herald. Andrew is a graduate of American University.