Nielsen: Election officials don't have necessary security clearances
Sec. Kirstjen Nielsen and former Sec. Jeh Johnson. Photo: Saul Loeb / AFP / Getty Images
Homeland Security Secretary Kirstjen Nielsen told the Senate Intelligence Committee Wednesday that only about 20 of 150 state and local election officials have security clearances to obtain election security intel as they try to shore up vulnerabilities in light of Russia’s efforts to meddle in U.S. elections. Nielsen said DHS is sponsoring up to three election officials per state to obtain the necessary clearance.
Why it matters: As former Homeland Security Secretary Jeh Johnson told the committee Wednesday, "Given that our electoral college and our current politics, national elections are decided in a few precincts, in a few key swing states. The outcome therefore may dance on the head of a pin." The U.S. is in an election year, and several high-ranking intel leaders have told lawmakers that Russia is already showing signs it is meddling in this year's elections.
Details on clearances: Nielsen said DHS is working with the interagency process to bypass the security clearance process as needed if there is intel that must be shared with local officials urgently. “We’re not waiting for clearances,” Nielsen said. DHS is also prioritizing these clearances over other clearances for other sectors, per Nielsen.
Other highlights from the hearing:
- DHS considers swing states priorities when it looks at election security needs, Jeanette Manfra, DHS's National Protection and Programs Directorate (NPPD) Assistant Secretary for the Office of Cybersecurity and Communications, told lawmakers.
- Nielsen said it "is absolutely a national security concern" when "there is no way to audit the election" through paper ballots or a paper trail of ballots.
- Sen. Dianne Feinstein said she wants state vulnerabilities and breaches to be made known to the American people so they can try and hold their states accountable: "I think states have to know that it’s going to be known by the public if they don’t" fix their systems.
- On whether vendors of election systems are producing secure systems: When asked about vendors allowing remote-access software on election systems, which can open up elections to breaches, Manfra said she doesn't have "perfect insight into the machines that the states buy."
- On the to do list for DHS: Physical security. Working with election officials to make sure that voting systems are not just cyber-secure, but also physically secure. We "need to make sure that the location where the voting machines are kept have very traditional security like we would in other critical infrastructure areas," Nielsen said.
- 33 states have had their voting systems go through the Election Assistance Commission-provided process for a certification of the system, while 35 states require that verification by law, according to Nielsen. The secretary said she thinks all states should have their voting systems verified.
- A refreshed set of Voluntary Voting System Guidelines, which provide a set of standards for voting systems, is expected to be issued next month, per Nielsen.
- Another worry "Campaigns are not immune from nation-state surveillance, nation-state hacking," Johnson said.
- A lingering concern for lawmakers, as Sen. Mark Warner put it: "the need for this country to have an articulated cyber doctrine." Without one right now, it "raises questions about where does the responsibility lie about where to report about software liability."
Go deeper: The Senate Intel Committee released recommendations for bolstering election security earlier this week. Former Sec. Johnson said Wednesday he agrees with them, and so do other security experts