After Attempted Network Breach, SoS Brian Kemp Wants Answers from US Homeland Security

After detecting an attempted breach of the firewall protecting the Georgia Secretary of State’s internal network that came from an Internet address belonging to the US Department of Homeland Security, Secretary of State Brian Kemp today sent a letter to Homeland Security Secretary Jeh Johnson demanding an explanation.

The network contains the Peach State’s voter registration database and registration information for Georgia’s corporations and licensed professionals. The hack, which occurred on the morning of November 15th, was detected and stopped without the firewall being breached by the private network security firm under contract to the Secretary of State.

According to Secretary of State Legal Counsel David Dove, after being notified of the breach, the Secretary of State’s office and its security provider immediately began an internal investigation to determine what happened and to ensure that no data had in fact been breached. The investigation then worked to identify and verify the origin of the attempted breach, which turned out to be somewhere within DHS. Only after its investigation got as far as it could did Secretary Kemp write Johnson.

In the letter to Johnson, Kemp stated that DHS never notified his office about the attempted breach.

At no time has my office agreed to or permitted DHS to conduct penetration testing or security scans of our network. Moreover, your Department has not contacted my office since this unsuccessful incident to alert us of any security event that would require testing or scanning of our network. This is especially odd and concerning since I serve on the Election Cyber Security Working Group that your office created.

After noting that attempting to gain access to a protected computer system is illegal, Kemp asked Johnson whether DHS conducted the scan, and if it did, who authorized it. Kemp also asked if there were any systems in other states that were subjected to similar unauthorized scans, and if so, which ones.

After the Department of Homeland Security proposed declaring elections equipment critical infrastructure this summer, Kemp spoke against the proposal, and eventually declined an offer by DHS to monitor the security of its election systems.

The letter, copies of which were sent to Georgia’s Senators and Representatives, is below.

Leave a Reply

Please Login to comment
2 Comment threads
1 Thread replies
Most reacted comment
Hottest comment thread
3 Comment authors
Will DurantAndrew C. Popexdog Recent comment authors
newest oldest most voted
Notify of

Very odd. I don’t know what ‘a large unblocked scan event’ is but I would think that if DHS made a serious effort at getting by a firewall they could protect their IP address in the process unless they wanted it found, and I can’t think why that would be.

Will Durant
Will Durant

Agreed. Color me dubious. IP numbers can easily be spoofed. Homeland Security ain’t the NSA but I doubt they are this incompetent.

The SoS can show his work like he did with the “thousands” (12, 13?) of fraudulent voter registrations in all of those boxes a couple of years ago.

While he is at it he can produce the results of the Ernst & Young audit of his IT department he promised after the data leak last year.

Andrew C. Pope
Andrew C. Pope

“As Georgia’s Secretary of State I take cybersecurity very seriously.”

When I think “person who cares about the security of voter data and people’s personal information,” the first guy I think of is Brian Kemp.