WASHINGTON — Congress should consider implementing federal minimum cybersecurity standards for elections or mandating a federal assessment of electoral cybersecurity across the country because the integrity of national election outcomes “dances on the head of a pin,” former Homeland Security Secretary Jeh Johnson said Thursday.
In his remarks at the first public meeting of the Congressional Task Force on Election Security, Johnson also argued that members of Congress should take active roles in encouraging their own local election officials to carefully monitor security: “I think it would be well within your mandate to say to officials in your states, at the state level: what are you doing to shore up the security of national elections, yourselves?”
Johnson maintained that votes were not altered or suppressed during the 2016 presidential election, but said there is a need for legislative action to promote electoral cybersecurity.
The task force was created in June by the House Democratic leadership because “the integrity of our democracy itself is under threat from the Russians,” House Minority Leader Nancy Pelosi said at the time. The committee aims to identify legislative strategies to address potential cybersecurity threats ahead of the 2018 midterm elections.
An early start to cybersecurity work is critical, said Suzanne Spaulding, a former DHS official who now is on a Harvard University digital democracy board, because some DHS engagement with local officials during the last election came too late to be effective.
“By the time that DHS officials began to engage with secretaries of state last summer, they were already well into their countdown for the election and most said it was too late to make significant changes,” Spaulding said.
The forum occurred less than a week after DHS notified election officials in 21 states that they had been targeted in the November election by Russian hackers.
“Can you just help us understand more about why DHS cannot always share information with every interested stakeholder, if you will?” asked Rep. Val Demings, D-Fla., citing that delay.
Johnson responded that a number of states were contacted before the election.
“There was a lot of dialogue that occurred last year,” he said. “I know that there was a considerable level of contact last year with states where we saw this activity going on to provide what we knew at the time and to provide our assistance.”
Johnson and Spaulding also emphasized the importance of respecting the independence of states while preserving the integrity of election infrastructure across the country.
“To the extent states are nervous about having federal employees, federal officials coming into their systems [to conduct electoral security assessments], third party entities could be certified,” Spaulding said. But, she argued, “I do think there’s a role for Congress.”