Kemp's office detected what he called a "large attack on our system" in November. His staff was able to trace the alleged attacker back to the Department of Homeland Security.
DHS has denied it tried to break through the state's computer firewall. An agency spokesman did not immediately return requests for comment Wednesday.
DHS has said previously that it believes an employee was legitimately using databases on the Secretary of State's website and that the employee's computer was configured incorrectly. That configuration mistakenly made it look like the employee was trying to hack into Kemp's systems.
In a letter to Kemp on Tuesday, Johnson blamed a Microsoft product for the error, but Kemp is not convinced.
"The scenario DHS has proposed has still not been verified by Microsoft," Kemp wrote Johnson late Tuesday. "There are still many questions regarding the origin and intent of this attack that remain unanswered."