FBI Plans to Inform States of Election Breaches

The agency changed its policy to provide more timely and actionable information to state and local election officials in the case of a cybersecurity breach to election infrastructure.

The FBI has changed its policy around election cybersecurity and said it will now notify state officials in the event that local election systems are hacked.

The move—revealed in a media briefing Thursday and then published online later that day—extends the number of election officials who are notified of hacks beyond just the direct victims, such as local state counties that own and operate election equipment.

Previously, the FBI would inform these parties but didn’t necessarily share the information with state election officials, a move that came under fire from state lawmakers and Congress for not going far enough to protect the integrity of elections from cyberattacks.

“Cyber intrusions affecting election infrastructure have the potential to cause significant negative impacts on the integrity of elections,” the bureau said in a press statement. “The FBI’s new policy recognizes the necessity of notifying responsible state and local officials of credible cyber threats to election infrastructure.”

Each state has a designated chief state election official that has ultimate authority over elections held in the state; these duties often include certifying election results, according to the FBI. However, most election infrastructure is owned and operated by local governments, which have their own local officials overseeing the elections at the county and local-precinct level.

“The FBI’s interactions regarding election security matters must respect both state and local authorities,” the bureau said in its statement. “Thus, the FBI’s new policy mandates the notification of a chief state election official and local election officials of cyber threats to local election infrastructure.”

Generally pundits worried about the security of upcoming elections view the move as good news; however, some said the federal government needs to go even further to protect the rights of voters, the veracity of results, and generally show transparency when it comes to election security.

“This is great and all, except the FBI should have been informing states about breaches of local election systems all along,” Tweeted Jennifer Cohn, an election security advocate, writer and attorney. “Plus, we need the FBI to commit to telling the public about such breaches too. Elections are funded with taxpayer money. They belong to the public.”

With evidence already public that hackers are already trying to interfere with the 2020 elections, this decision could become crucial to protecting results come November.

Last October, researchers from the Microsoft Threat Intelligence Center revealed that since August they had been observing hackers tied to Iran—later identified as a group called Phosphorous–trying to access Microsoft-based email accounts of people associated with the 2020 Trump campaign.

Moreover, since that time, tensions between the United States and Iran have escalated after Trump had top Iranian General Qassim Suleimani assassinated and Iran retaliated with an air strike of its own against U.S. forces in the Middle East. The current rift between the nations makes Iranian cyber attacks–including ones related to the 2020 election–against the United States even more likely.

Concerned about mobile security? Check out our free Threatpost webinar, Top 8 Best Practices for Mobile App Security, on Jan. 22 at 2 p.m. ET. Poorly secured apps can lead to malware, data breaches and legal/regulatory trouble. Join our experts from Secureworks and White Ops to discuss the secrets of building a secure mobile strategy, one app at a time. Click here to register.

Suggested articles