By Wendy Underhill
I had the pleasure last week of presenting to the Joint Election Officials Liaison Committee, a group of committed election professionals who gather every year to see what’s percolating on the election policy front.
Right after me, Neil Jenkins of the Department of Homeland Security (DHS), spoke and offered a presentation titled “DHS Cybersecurity: Services for State and Local Officials.”
This was about six hours before DHS designated election infrastructure as a critical infrastructure subsector under a federal program—news he was not at liberty to share with the audience.
What, pray tell, is “election infrastructure"? They include polling places, storage facilities, centralized vote tabulation locations, IT systems relating to voter registration, voting systems, and election management systems, according to Jenkins’ presentation.
And, what is a “critical infrastructure sector”?
There are 16 of them: energy, dams, critical manufacturing, communications, chemical, defense industrial base, health and public health, food and agriculture, emergency services, commercial facilities, water and waste water, financial services, nuclear reactors, materials and waste, transportation and government facilities. Elections infrastructure will be a subsector nested under government facilities.
This designation pleases some—especially election security advocates—and infuriates others on the grounds of federal “overreach” into states’ affairs. The National Association of Secretaries of State put out a statement that takes a middle ground, and calls the designation “legally and historically unprecedented” and reminds readers that “the November 2016 election—the voting process itself—was not hacked or subject to manipulation in any way.”
Doug Chapin, who writes the Election Academy blog, laid out three good questions election professionals may want to ask about the critical infrastructure designation.
- What exactly does the designation mean?
- How does this affect the federal/state balance of control over elections?
- Will it stick?
The third question refers to Jan. 20 and beyond. The Trump administration could retain the designation, or change it.
The second question is a key one this year: What is the responsibility of the states, and what is the responsibility of the feds? No one knows yet what the new designation may require, or mandate, from the states.
As for the question about what the designation means, I turned to Jenkins’ presentation. He made the point that already and at any time, any state or jurisdiction can ask for assistance in checking their systems and protocols. By making the designation of elections as a critical infrastructure subsector, this existing work would be stepped up, and communications between the feds and states would be improved. This includes the creation of a coordinating council, and the provision of “an effective mechanism for election officials to share vulnerability information and ensure that mitigations can be applied to all.”
- Election officials would be able to get the appropriate security clearances to briefed on classified matters.
- Officials would benefit from federal strategic efforts, which could include the promotion of international norms that prohibit peacetime cyber-attacks against critical infrastructure.
- Sanctions could be quickly placed on those responsible for cyber-attacks.
Good or bad? That’s a question for discussion with your state’s chief election official.
Wendy Underhill heads NCSL’s Elections and Redistricting Program. She is interested in hearing from readers whether they see the critical infrastructure designation as good or bad.