Georgia Says No Thanks To In-Depth Election Security Help From Feds

Despite increasing scrutiny of Georgia’s voting technology ahead of the 2018 midterms, the state will not join more than a dozen others asking the U.S. Department of Homeland Security for special help protecting its election system from hacks, the Secretary of State’s office confirmed this week.

Russia views the upcoming midterms as a potential target for interference, top U.S. intelligence officials told Congress on Tuesday.

In the Georgia Legislature, lawmakers are reviewing multiple bills that would overhaul the state’s voting technology and set up a paper ballot system.

Georgia is one of just a few states that still exclusively use voting machines without a paper trail. Cybersecurity experts agree it exposes the system to potential doubt, hacks and glitches.

After DHS announced Russian hackers targeted election systems in 21 states before the 2016 election, the agency prioritized giving states what it calls in-depth, onsite assessments of their election technology.

The evaluations are free to states if requested.

They can include testing weaknesses in networks and security controls, crafting e-mails to trick election staffers and database scans.

“We already contract with a private vendor to conduct all the same security assessments that the Department of Homeland Security is offering, or has been offering to states, in terms of cybersecurity,” said Candice Broce, with the Secretary of State’s office.

Broce declined to provide the name of the company conducting the assessments, or the cost to taxpayers, citing security risks.

“We are using the private sector as opposed to the federal government to conduct these security assessments, and we have been very pleased with the feedback and response that we’ve gotten,” Broce said.

Like other states, Broce said, Georgia is part of what’s called the Multi-State Information Sharing & Analysis Center, enabling regular communication with federal officials about potential cybersecurity threats.

Since 2015, the Secretary of State’s office or its contractors have left exposed sensitive data, including personal information of Georgians, passwords for poll workers and programming details for voting machines.

Broce reiterated this week that Georgia was not one of the 21 states Russian hackers targeted in 2016 and that there’s no evidence the election system has been maliciously hacked.

Georgia’s Secretary of State Brian Kemp, a Republican candidate for governor, has had a complicated relationship with DHS.

Kemp was one of at least 11 state elections officials who rejected an offer from DHS to scan their states’ voting systems ahead of the 2016 election.

Last December, Kemp said security scans detected what appeared to be an “attack” by DHS on Georgia’s voter registration system.

A report from the DHS inspector general later found nothing malicious behind what triggered the state’s cybersecurity system.

Earlier this year, Kemp applied for “secret” level security clearance with DHS. Broce said it hasn’t been approved yet.

The Secretary of State’s office is also coordinating with DHS for someone from the agency to deliver cybersecurity training to local elections officials at a conference scheduled for March in Athens.

Broce said the details were still being worked out.

Update: Broce said Wednesday that Kemp’s security clearance has now been approved.