DHS takes on election security

The operation of elections is decidedly not a federal function. This idea has roots deep in the founding. Simple as they are in theory, elections are surprisingly difficult to conduct in a way that everyone agrees with the results. Ballots can be lost or filled out in bulk. Punch cards can have hanging chads. Mechanical voting machines can go haywire. Electronic systems can have software flaws. All of these things can happen by mistake or intentionally.

Skeptics of a nationalized system need point no further than the Census decennial count. So much depends on so much apparatus run by a single organization, that the whole thing acquires a certain fragility.

A benefit of the election structure is that in statewide or national elections, at least there is no single point of failure.

The downside is that repeated failures here and there can introduce a sort of cancer in the system as a whole, if people become increasingly cynical about the results of any election, even for Selectman. Errors or — worse — malfeasance at the local level can destroy the whole: witness the bankruptcy filing of the Boy Scouts of America.


Following whatever happened during the 2016 election, Homeland Security, through what is now called the Cybersecurity and Critical Infrastructure Security Agency, or CISA, tagged the collection of election systems in the United States as critical infrastructure, right up there with the power grid and the ATM network.

As such, what is true of all critical infrastructure is true for elections systems. Ultimately they’re the responsibility of local “owners” and operators. CISA Director Chris Krebs says the federal government’s job is to make sure local officials are prepared.

CISA’s new strategic plan came out last week, shortly after the latest “c’mon already” from the Government Accountability Office. Next GAO will urge CISA to finish the next piece of its election strategy, namely the operational plan.

In the strategy, CISA discusses the so-called last mile in the election system, namely each jurisdiction’s local apparatus. CISA says its “Last Mile products are scalable, customizable tools that local stakeholders can use immediately to improve security and awareness of additional services available. These products aim to strengthen the relationships among national, state, and local partners, which are essential for effective information sharing and continual engagement on critical election security issues.”

Not sure what that means. Tools for strengthening relationships don’t sound like, say, software to protect voter registration rolls. CISA also lists a variety of activities with voting officials and other agencies.

But that federal-local relationship is important. More important is that local officials have trust that the federal government will be an impartial broker among the many, potentially malign forces at work locally.

For a variety of reasons, that trust is nothing to take for granted. In many jurisdictions, local police are told not to cooperate with Immigration and Customs Enforcement. In some quarters, people take widely differing views of whether the Justice Department operates without bias. Years after the tax exempt organizations scandal, you can still find people distrustful of the IRS’s intentions.

I’m not arguing whether these prejudices are justified, only that they are real and DHS will have to deal with them. Mistrust of “the feds” represents an ancient American tradition, but in the new age of tough politics it seems to be on the rise.

Election systems do make up critical infrastructure. Remember the magnifying lenses and squinting, hapless election officials on Florida back in 2000? Imprecise paper ballots have given way to Russian phishing attacks aimed at access to voter registration databases. Many jurisdictions will need CISA’s help, now that primaries are nearly in full swing. They’ll have to know CISA, and any federal agency, is acting with a fair and accurate election as the only goal.

Copyright © 2020 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.