Florida's governor has directed the state's elections overseer to review the cyber security of elections systems a month after it was disclosed that two counties had their elections networks breached during the 2016 presidential race.
"Although the breaches did not compromise the outcome of the election, they highlight the importance of protection our elections systems," Rob DeSantis (R) wrote to Florida Secretary of State Laurel Lee on May 22. "Accordingly, I direct the Department of State to immediately initiate a review of the security, particularly the cybersecurity, of our state's elections systems and the elections systems of our 67 counties."
The governor's directive follows the April 18 public release of Special Counsel Robert Mueller's report that disclosed Russian military intelligence successfully accessed at least one Florida county's elections network through spearphishing emails in November 2016. Since then, federal and state officials have said two counties in Florida had their elections networks hacked, although there apparently was no impact on the recording of votes. The identities of the counties are not being disclosed.
"The fact that the breach took place is concerning to everyone of us in here," Rep. Jody Hice (R-Ga.), ranking member on the House Committee on Oversight Subcommittee on National Security, said during a hearing on Wednesday on securing U.S. elections.
Hice asked the top cyber security official at the Department of Homeland Security what is being done to ensure such a hack doesn't occur again.
DHS continues to work with state and local elections official across the U.S. and Florida "is probably one of our best partners of any state in the union right now," Chris Krebs, the department's director of the Cybersecurity and Infrastructure Security Agency (CISA), replied.
Krebs noted that 66 of Florida's counties have deployed Albert cyber intrusion detection sensors within their elections jurisdictions and the remaining county is in the process of deploying the sensors. All the counties are working in partnership with CISA, he said.
As for the incident in 2016 related to the Florida elections hacking, Krebs said it has been addressed and now DHS is focusing on "what happened in this case. We have made a significant investment in outreach and engagement, best practices sharing. Spearphising campaign assessments are one of our top priorities in pushing just awareness that with email comes potential risks."
Later in the hearing, full Committee Chairman Elijah Cummings (D-Md.), highlighted a February report by the DHS Inspector General that said CISA is inadequately staffed for its mission of helping to protect elections infrastructure.
Krebs said that was "absolutely true" in 2016 but that since then CISA has been building up full-time and surge capacity. Currently, there are 17 full-time personnel working elections security and by the time the 2020 elections come the agency will "be pushing 30 personnel" full-time, and have more field staff, he said.
Ahead of the 2018 mid-term congressional elections last November, Krebs said he had over 550 people working elections security at the national, state and local levels, pointing to his ability to surge capacity when needed.
"That's pretty good," he said, "I can do better," with the goal being to become "more scalable."
In the last two years, Krebs said his field staff, which has a range of capabilities from cyber, physical, emergency communications, and mission support, has spent 50 percent of its time on elections infrastructure support, calling it a "half-time job" for them.