A government watchdog agency is investigating allegations that Department of Homeland Security officials improperly attempted to breach the Georgia secretary of state’s internal elections network last year.
In a Jan. 17 letter to Georgia Secretary of State Brian Kemp, DHS Inspector General John Roth said his office was probing “a series of ten alleged scanning events of the Georgia Secretary of State’s network” that may have originated from DHS-affiliated IP addresses.
DHS IG spokeswoman Erica Paulson confirmed the office has launched an investigation.
Georgia officials first went public with their allegations in December. According to a Dec. 8 letter from Kemp to then-Secretary Jeh Johnson, the state’s third-party cybersecurity provider detected a “large unblocked scan event” on the morning of Nov. 15, several days after the election.
The alleged effort to penetrate the secretary of state’s firewall was traced back to an IP address at DHS’ Southwest D.C. office, and did not succeed in breaking through.
But DHS has argued that what Georgia detected was simply a contractor performing routine duties.
After a preliminary review of the incident, Johnson told Kemp that the workstation involved was used by a contractor with the Georgia-based Federal Law Enforcement Training Center (FLETC).
“We interviewed the contractor and he told us that he accessed your website as part of his normal job duties,” said Johnson in a Dec. 12 response, in which he also denied that the IP address was ever used to conduct security scans.
Johnson also said the contractor was not a member of DHS’ cybersecurity team and was only trying to determine whether contractors and new employees had certain professional licenses.
Unsatisfied by the explanation, Kemp, a member of DHS’ federal election security task force, reached out to President Trump before he took office to request an IG probe into the Nov. 15 activity and nine other apparent attempts dating back to February 2016.
“Could it be normal web traffic that triggered a red flag? Sure, but when you look at the dates there are some interesting correlations between my calendar and when the contacts were made,” Kemp told Fox News.
The nine other alleged incidents flagged by Kemp correspond to key election dates and times when Kemp was speaking out against DHS’ plans to designate elections systems as “critical infrastructure.”
The DHS officially classified the election system as “critical infrastructure” in early January. The move was not welcomed by many secretaries of state.
The designation is “legally and historically unprecedented” and raises “many questions and concerns for states and localities with authority over the administration of our voting process,” the National Association of Secretaries of State said in a statement.
It's unclear whether the current IG probe, first reported by The Daily Caller, is being conducted at Trump's behest.
House Oversight and Government Reform Committee Chairman Jason Chaffetz, R-Utah, similarly asked the DHS inspector general to launch an inquiry. He further requested the department provide to his committee all of Johnson’s correspondence with Kemp.
Chaffetz argued the intrusions, if true, “implicate state sovereignty laws” and constitutional laws.
According to Kemp, the IP address affiliated with the contractor was tied to scans of systems in Kentucky, West Virginia and Maine despite DHS’ insistence that no authorized or unauthorized scans were conducted by that workstation.
Last September, DHS offered to provide states assistance with election security, including “cyber hygiene” scans designed to find any irregularities or vulnerabilities, but Georgia and several other states declined the offer.