Press Release from U.S. Sen. Tom Carper (D-DE)

Sep 14 2016

Senator Carper Urges Nation’s Governors to Take Steps to Maintain Confidence in State Election Systems

Encourages nation’s governors to use voluntary, free cybersecurity resources offered by the Department of Homeland Security

WASHINGTON – Today, U.S. Senator Tom Carper (D-Del.), top Democrat on the Senate Homeland Security and Governmental Affairs Committee, and former Chairman of the National Governors Association, sent a letter to the chair and vice chair of the National Governors Association, Governors Terry McAuliffe (D-Va.) and Brian Sandoval (R-Nev.), urging them to encourage fellow governors to take advantage of federal resources, such as risk and vulnerability assessments, offered by the Department of Homeland Security to help states better secure their election systems from cyber threats. Senator Carper’s recommendation comes in the wake of reports indicating that the Russian Federal Security Service and Russian military intelligence may have been involved in the recent cyberattacks against the Democratic National Committee.

“As has been publicly reported, U.S. intelligence and law enforcement officials are reviewing whether Russia is engaged in active measures to influence the American political process, including cyberattacks on election systems. Last month, for example, the Federal Bureau of Investigation (FBI) issued an alert about unknown actors targeting state election databases,” wrote Senator Carper who served as Governor of Delaware from 1993 to 2001 and Chairman of the National Governors Association from 1998 to 1999 where he also led the organization’s Center for Best Practices in 2000.

“Although these reports are troubling, I believe the American public should have confidence in our current election systems and the efforts of state and local governments to make the risk of a successful cyberattack remote. With that said, the FBI and DHS are still encouraging state and local governments to take appropriate additional precautions to enhance the security of their election-related computer systems. To this end, there are several tools and resources – some even free – that are available to states that wish to voluntarily seek more assistance,” Carper continued. “While I remain confident in our election systems today and in the numerous security precautions already taken by the states, I respectfully ask that you continue to encourage the states to review the cybersecurity of their election systems, and to take advantage of the information and voluntary assistance provided by DHS and other federal agencies.”

Last week, Senator Carper wrote to Twitter, Inc. Chief Executive Officer Jack Dorsey asking Twitter for assistance with determining if malicious actors are using its platform to conduct covert operations aimed at undermining the political processes in the United States. Senator Carper asked how Twitter is working to reduce these “social” cyberattacks, which are made possible through the use of “bots” – automated and often false accounts – that allow the spread of disinformation or propaganda.

In August, Senator Carper wrote to Department of Homeland Security Secretary Jeh Johnson regarding recent reports that foreign actors may have been involved in cyberattacks against the Democratic National Committee and other American political organizations. Senator Carper commended Secretary Johnson’s efforts to consider designating election systems as critical infrastructure and urged him to quickly provide best practices and technical support to state and local election officials that request assistance with the cybersecurity of their election systems. Last month, the Federal Bureau of Investigation’s Cyber Division also issued an alert regarding possible cyberattacks of state election systems by foreign actors.

The text of the letter to Governors McAuliffe and Sandoval can be found below and in PDF form here.

September 14, 2016

The Honorable Terry McAuliffe               
Chair, National Governors Association  
P.O. Box 1475
Richmond, VA 23218

The Honorable Brian Sandoval
Vice Chair, National Governors Association
Executive Chambers
101 North Carson Street
Carson City, NV 89701

Dear Governors McAuliffe and Sandoval:

I write today regarding the recent cyberattacks on American political organizations and state election systems and to make sure you are aware of the valuable tools that the Department of Homeland Security (DHS) has to offer to address these threats to our country.  I ask for your assistance with informing your fellow governors about these important tools that can be made available upon the request of any state.

As a former Governor of Delaware, former Chairman of the National Governors Association (NGA), and former chair of the NGA’s Center for Best Practices, I greatly value the importance of the great work done by the NGA and the states. I am especially encouraged by the leading role the Center for Best Practices has taken with respect to cybersecurity issues and the commendable work you have done to enhance the state-federal partnership to address cybersecurity challenges.[1] As the cyber threat our country faces grows and evolves, it is critically important that we continue to strengthen the ongoing partnership between the NGA and the federal government.

As has been publicly reported, U.S. intelligence and law enforcement officials are reviewing whether Russia is engaged in active measures to influence the American political process, including cyberattacks on election systems. Last month, for example, the Federal Bureau of Investigation (FBI) issued an alert about unknown actors targeting state election databases.[2]  And there is strong evidence that Russia has sought to interfere with foreign states’ election processes in the past in order to serve its own interests. 

Although these reports are troubling, I believe the American public should have confidence in our current election systems and the efforts of state and local governments to make the risk of a successful cyberattack remote. With that said, the FBI and DHS are still encouraging state and local governments to take appropriate additional precautions to enhance the security of their election-related computer systems. To this end, there are several tools and resources that are available to states that wish to voluntarily seek more assistance.

DHS, for example, offers cyber hygiene assessments to identify vulnerabilities and then provides recommendations on remediating the vulnerabilities as well as more in-depth, risk, and vulnerability technical assessments. DHS also makes available the services of its 24/7 cyber operations center, known as the National Cybersecurity and Communication Integration Center, as well as regional professionals across the country to help state, local, tribal and territorial governments. States interested in these services can request assistance through DHS’s State, Local, Tribal and Territorial Cybersecurity Engagement program by emailing SLTTCyber@hq.dhs.gov.

In addition, DHS also partners with the Multi-State Information Sharing and Analysis Center (MS-ISAC) to help states manage cyber risk and share information. As you are likely aware, the MS-ISAC is another incredibly valuable resource for states and local governments and offers many services, including real-time network monitoring, early cyber threat warnings and advisories, vulnerability identification and mitigation, and incident response.

When I served as Governor from 1993 to 2001, my fellow governors and I did not have to worry about the many of the kind of cybersecurity challenges faced by states today. While I remain confident in our election systems today and in the numerous security precautions already taken by states, I respectfully ask that you continue to encourage your fellow governors to review the cybersecurity of their election systems and to take advantage of the information and voluntary assistance provided by DHS and other federal agencies. While I fully appreciate a state’s responsibility to administer its own election systems, I believe that we must continue to work together to protect the values and institutions that we cherish so much in our great country.

            With best personal regards, I am

                                                            Sincerely yours,

 

                                                            Tom Carper
                                                            Ranking Member

cc:     The Honorable Ron Johnson
          Chairman

Scott Pattison
Executive Director and Chief Executive Officer
National Governors Association

The Honorable Denise Merrill
Connecticut Secretary of State
President, National Association of Secretaries of State