DHS Report: No Compromise of State Election Systems

    The Maryland State Board of Elections publicly released Thursday a 15-page report detailing the Department of Homeland Security’s investigation into the security of the state’s election data system.

    The report from the Hunt and Incident Response Team from the National Cybersecurity and Communications Integration Center said the team did not find any indications of a compromise in the state’s network.

    The team started work in August to ensure the security of election systems hosted by ByteGrid ― which did not disclose to state officials that it was funded by AltPoint Capital Partners, whose largest investor is a Kremlin-linked Russian oligarch.

    ByteGrid hosted the statewide voter registration, candidacy and election management system, the online voter registration system, online ballot delivery system, and unofficial election night results website.

    The DHS investigators conducted searches to detect known threats including a Russian state-sponsored malicious cyber activity known as Grizzly Steppe, and a North Korean state-sponsored malicious cyber activity known as Hidden Cobra, among others.

    Significant portions of five pages of the DHS report, including sections on findings, analysis and recommendations, are redacted from the publicly available document to protect sensitive information about the state’s systems and data.

    The state board also announced Thursday that it was transitioning to a new data center “out of an abundance of caution.” The state has already contracted with a cybersecurity and technology firm to transition to the new center, according to a statement on its website.

    “This plan will alleviate our concerns with the current ownership of our hosting vendor and demonstrates our commitment to having the most secure election systems possible,” the statement said.

    The completion of the DHS written report and decision to create a new data center were first reported by The Associated Press.

    Officials had released the broad conclusion of the DHS investigation at an earlier board meeting in an effort to reassure voters before the 2018 election.

    U.S. Rep. Elijah E. Cummings (D-Md.) issued a statement after the report was released, indicating that he plans to pursue federal legislation regarding security of election vendors.

    “I am relieved that a comprehensive federal and state review found no evidence of hostile activity on Maryland’s state election systems and other networks. I want to commend the cooperative efforts by state officials, DHS, and the FBI to ensure that our networks are strong and resilient,” Cummings said. “This process has raised policy issues around election vendor transparency and security, and I will work with my colleagues to pass legislation that best addresses these issues and strengthens the security of our elections.”

     [email protected]

    Danielle E. Gaines
    Danielle Gaines most recently worked for Bethesda Beat covering Montgomery County. Previously, she spent six years at The Frederick News-Post as the paper’s principal government and politics reporter for half that time, covering courts and legal affairs before that. She also reported for the now-defunct The Gazette of Politics and Business in Maryland and previously worked as a county government and education reporter at the Merced Sun-Star in California’s Central Valley.