Georgia’s top election official this week accused the U.S. Department of Homeland Security of trying to hack a computer network containing the state’s voter registration database.
Brian Kemp, Georgia’s secretary of state, demanded information about the alleged intrusion attempt in a letter sent Thursday to Homeland Security Secretary Jeh Johnson.
“On Nov. 15, an IP address associated with the Department of Homeland Security made an unsuccessful attempt to penetrate the Georgia Secretary of State’s firewall. I am writing you to ask whether DHS was aware of this attempt and, if so, why DHS was attempting to breach our firewall,” Mr. Kemp wrote.
“At no time has my office agreed to or permitted DHS to conduct penetration testing or security scans of our network,” he added. “Moreover, your department has not contacted my office since this unsuccessful incident to alert us of any security event that would require testing or scanning of our network. This is especially odd and concerning since I serve on the Election Cyber Security Working Group that your office created.”
Indeed, Mr. Kemp was appointed by the nonpartisan National Association of Secretaries of State earlier this year to serve as an adviser for a DHS working group tasked with helping states manage cyber risks to their election and voting systems prior to the Nov. 8 election.
Despite holding that role, however, Georgia was one of only two states in the country that refused assistance offered by DHS in the run-up to last month’s race, Cyberscoop reported, notwithstanding heightened concerns from coast to coast at the time over the possibility of the contest being sidelined by a cyberattack.
David Dove, Mr. Kemp’s chief of staff, told CyberScoop that the decision to walk away from the agency’s offer resulted in “a lot of grief” for the Georgia’s secretary of state.
“We basically said we don’t need DHS’s help,” Mr. Dove said, because the state had already obtained the assistance of a third-party cybersecurity firm.
The office of the Georgia Secretary of State declined to say who exactly the state has sought out for its cyber assistance, but that the the company “analyzes more than 180 billion events a day globally across a 5,000+ customer base which includes many Fortune 500 companies,” Cyberscoop reported.
According to Mr. Kemp’s letter, last month the security firm caught someone trying to penetrate a computer network containing information pertaining to 6.5 million Georgians, 800,000 corporate entities and 500,000 licensed or registered professionals.
“Under 18 U.S.C. § 1030, attempting to gain access or exceeding authorized access to protected computer systems is illegal,” Mr. Kemp wrote.
Scott McConnell, DHS deputy spokesman, said he had received the letter and that the agency is “looking into the matter.”
“DHS takes the trust of our public and private sector partners seriously, and we will respond to Secretary Kemp directly,” he said in a statement to The Hill.