Cybersecurity

Wyden pushes WH for state election security scorecard, campaigns as critical infrastructure

Sen. Ron Wyden (D. Ore.) formally requested the Executive Branch give states report cards on election security and for political campaigns to be designated as critical infrastructure. 

Those are two of four “concrete steps” suggested by Wyden in a letter to national security adviser H.R. McMaster dated Tuesday. Both, if considered, would likely provoke pushback. 

“[F]oreign governments will continue to exploit cybersecurity weaknesses in our election infrastructure. While some states have taken the threats seriously, others are seriously lagging behind and remain woefully vulnerable to foreign government cyberattacks,” wrote Wyden.

Wyden suggested in the letter that the Department of Homeland Security (DHS) and the Department of Commerce’s National Institute of Standards and Technology (NIST) provide states letter grades on election security. 

States are in charge of running elections, including their security. Though federal agencies including the DHS and NIST offer optional assistance, states have traditionally pushed back against even that amount of help in running their own elections.{mosads}

DHS experienced this firsthand before the election last year when it offered to designate elections as critical infrastructure. DHS typically applies the label to economic sectors vital to national security, like energy or financial markets. It would have allowed election officials a bevy of additional voluntary tools to bolster their security. 

States argued that the designation would be the first step towards federalization of elections and protested the move. After the election, then-Homeland Security Secretary Jeh Johnson designated elections critical infrastructure nonetheless — a move the National Association of Secretaries of State still expresses objections to. 

The State Department has long argued that while nations should be allowed to conduct traditional espionage, tampering with critical infrastructure should be considered off limits.

Declaring campaigns critical infrastructure would stretch the meaning of the term, while likely making a repeat of the actions Russia is believed to have undertaken in the 2016 elections an even greater offense. 

Wyden’s letter makes two additional requests: that the White House has a senior adviser “own” the issue and that Secret Service extend its protection of candidates to include cybersecurity. 

While Wyden said he will introduce a bill providing additional election security measures, he bemoaned what he saw as political inertia that stops lawmakers from passing legislation. 

“Unfortunately, even with clear evidence that states are not addressing their vulnerable election infrastructures, Congressional leadership has been unwilling to schedule legislative efforts that either provide oversight or require states to adopt common-sense election-cybersecurity measures,” he wrote.

“Congressional leadership conveniently chooses to believe that this is a states’ rights issue, even if it means leaving our national elections vulnerable to cyberattacks by foreign governments.”