Dear Secretary Johnson:
I write today regarding the recent cyberattacks on American political organizations and the potential vulnerability of election systems and voting machines in the United States to similar attacks.
As you are aware, recent reports indicate the Russian Federal Security Service and Russian military intelligence may have been involved in the recent cyberattacks against the Democratic National Committee and the Democratic Congressional Campaign Committee. If these reports are accurate, such an intrusion raises concerns about the ability of foreign actors to interfere in the American political process during the upcoming election, including through cyberattacks targeting electronic voting machines or the information technology of state and local election officials.
Recently, you indicated that the Department of Homeland Security (DHS) is considering whether to designate election systems in the United States as critical infrastructure.[1] While I am not aware that DHS has publically identified a specific or current cyberthreat related to election systems, concerns regarding the security of election-related information technology have persisted for some time. As far back as 2004, the United States Computer Emergency Readiness Team identified vulnerabilities in voting machines that would allow malicious actors to modify vote totals.[2] Other entities, including the Argonne National Laboratory and the Virginia State Board of Elections, have identified issues that left certain electronic voting machines vulnerable to physical or wireless intrusion without detection.[3] Additionally, the Central Intelligence Agency has reportedly monitored foreign countries' use of electronic voting systems and identified attempts to manipulate election outcomes in those countries.[4]
Election security is critical, and a cyberattack by foreign actors on our election systems could compromise the integrity of our voting process. The American public should have confidence in our current election systems and the efforts of state and local governments to make the risk of voter fraud and a successful cyberattack remote. At the same time, the federal government can play a supporting role in helping address the potential for these types of attacks. Designating election systems as critical infrastructure could improve and expand our nation's ability to prevent and to respond to potential cyberattacks originating both from inside or outside our borders. As such, I commend your efforts to carefully consider this issue and urge you to make this determination as quickly as is feasible.
You also indicated that DHS is considering communicating with state and local election officials to inform them of best practices to guard against cyber intrusions related to electronic voting machines. As the federal agency that has expertise to assist state and local governments with cyberthreats, I encourage you to move quickly to provide appropriate technical assistance and any other support to state and local jurisdictions that request assistance with the cybersecurity of their election systems. I also ask that you coordinate your efforts with the National Institute of Standards and Technology, the Election Assistance Commission, and other relevant agencies involved with the security of election systems.
Finally, I ask that you make the appropriate DHS officials available to brief me and my staff on this issue and efforts to ensure our election systems are secure.
As you know, cybersecurity remains one of our nation's biggest security challenges, and it is vital that we do what is necessary to protect ourselves and our democracy from these potential threats. Thank you for your attention to this matter.
With warmest personal regards, I am