(Bloomberg) -- Three months before some U.S. states host primary elections, the Department of Homeland Security has begun offering security clearances to state officials to more easily share classified information as the threat of cyberattacks looms over next year’s polls.
The federal government is “clear-eyed” that threats to election systems remain an ongoing concern after Russia’s meddling in the 2016 election, according to Chris Krebs, the DHS senior official performing the duties of under secretary for the National Protection and Programs Directorate.
“We’re offering security clearances initially to senior election officials, and we’re also exploring additional clearances to other state officials,” Krebs told a House Oversight and Government Reform subcommittee hearing on Wednesday. “These relationships are built and sustained on trust. Breaking that trust will have far-ranging consequences in our ability to collaboratively counter this growing threat.”
Almost three dozen state officials have begun the process of obtaining a clearance, according to a DHS official who asked not to be named. The official wouldn’t identify which states are receiving the clearances but said they are part of DHS’s efforts to share information with state officials who administer the nation’s elections.
After the U.S. intelligence community reached its conclusion on hacking in the 2016 election, the federal government in January designated election systems as “ critical infrastructure,” a move that opened up federal assistance to election officers around the country.
Issuing security clearances is among a number of voluntary services that Homeland Security is offering states to help boost their cybersecurity. Yet with some election primaries starting in March, there are questions about whether the effort is coming too late to fully beef up state-level defenses. Special Counsel Robert Mueller is still investigating last year’s election hacking and potential ties between Russia and President Donald Trump’s campaign.
Wary of a federal takeover of election systems, the National Association of Secretaries of State opposed the critical infrastructure designation, but since then “we have made good-faith efforts to work together with DHS,” Tom Schedler, Louisiana’s secretary of state and a member of the association’s cybersecurity task force, said during the hearing.
“Part of that work includes chief election officials obtaining security clearances,” Schedler said. “We have often been told by DHS that they can’t share information because it is classified. Hopefully these new clearances will address this problem.”
Other services federal agencies are providing to state and local authorities that request help include “cyber hygiene” monitoring of their internet-facing systems related to elections and on-site assessments of cyber vulnerabilities with DHS experts. Elections officials can also get information directly from the department’s National Cybersecurity and Communications Integration Center in the Washington area, or its field-based cybersecurity and protective security advisers, Krebs said.
DHS maintains “that mounting widespread cyber operations against U.S. voting machines at a level sufficient to affect a national election would require a multi-year effort with significant human capital and information technology” available only to nation-states, according to Krebs’s prepared testimony.
“The level of effort and scale required to significantly change a national election result, however, would make it nearly impossible to avoid detection,” Krebs said.