Georgia Secretary of State Brian Kemp has asked federal officials to explain what appears to be an attempt by the U.S. Homeland Security Department to breach the state's voter registration database a week after the November election.
The claim comes after an IP address associated with the federal agency attempted to penetrate the state’s firewall Nov. 15. The attempt was unsuccessful, but in a letter Thursday to Homeland Security Secretary Jeh Johnson, Kemp said he wanted to know whether the department had permission to conduct what he called an “unauthorized” scan of Georgia’s system.
“At no time has my office agreed to or permitted DHS to conduct penetration testing or security scans of our network,” Kemp said. “Moreover, your department has not contacted my office since this unsuccessful incident to alert us of any security event that would require testing or scanning of our network.”
Kemp noted in the letter that under federal law “attempting to gain access or exceeding authorized access to protected computer systems is illegal.”
Homeland Security spokesman Scott McConnell confirmed that the agency received the letter.
“We are looking into the matter,” McConnell said. “DHS takes the trust of our public- and private-sector partners seriously, and we will respond to Secretary Kemp directly.”
Kemp requested to know who authorized the scan and whether other states had been scanned without permission.
His office conducts its own scans of internet-accessible access points such as the state's election night reporting website by using in-house staff and private vendors. It also works with the state-run Georgia Technology Authority to assess potential threats passed along by federal agencies.
The state also contracts with a security vendor to continuously monitor all network traffic. The idea, in layman’s terms, is to block and report real-time threats — which is how this event was discovered.
David Dove, the chief of staff and legal counsel in the Secretary of State’s Office, said the office was using the letter to demand answers from the DHS, which had offered help to states ahead of the presidential election to test and protect their systems from cyber intrusions ahead of Election Day.
Most states accepted that help, but Georgia did not. The issue had appeared to have quieted until one of Georgia’s vendors flagged the Nov. 15 scan.
“They need to disclose the reason for these attacks,” Dove said of the DHS. “Our vendor elevated this attack due to the nature of the event. We began an investigation, and we are still looking into DHS activities.
Kemp over the past few months had publicly questioned alarms raised by federal officials over the issue of election cybersecurity.
Georgia was one of two states that did not accept federal help to secure its election-related systems after the FBI’s cyber division warned states in August that it was investigating hacking-related incidents related to elections data systems in two states — believed to be Arizona and Illinois.
A month later, state officials said Georgia was not one of 20 states that had voter registration systems targeted in recent months by hackers.
That claim came after FBI Director James Comey told House Judiciary Committee members that his agency had detected a variety of “scanning activities” related to election systems in the United States.
Ballot security was one of the hottest topics in the presidential election year, stoked by President-elect Donald Trump’s claim that he needed his own poll monitors to prevent a “rigged” election.
Georgia officials, meanwhile, sought to assure the state's more than 6.6 million registered voters about the measures they took to minimize any threat. No major problems were reported here through the election.