The state of Georgia said it found evidence of an attempted hack on its voter registration database by a Department of Homeland Security device.
Brian Kemp, Georgia’s secretary of state, wrote a letter to Secretary of Homeland Security Jeh Johnson, saying that on Nov. 15, an IP address connected to DHS made an unsuccessful attempt at breaching Georgia’s firewall.
“At no time has my office agreed to or permitted DHS to conduct penetration testing or security scans of our network,” Kemp wrote. “Moreover, your department has not contacted my office since this unsuccessful incident to alert us of any security event that would require testing or scanning of our network.”
The Georgia Secretary of State’s office keeps a voter registration database of information about more than 6.5 million state citizens, according to Kemp. A private cybersecurity firm hired by the state of Georgia detected the potential breach.
“Clearly this type of resource and service is necessary to protect Georgians’ data against the type of event that occurred on November 15,” Kemp said.
During the 2016 election cycle, Georgia was one state that didn’t request cybersecurity assistance from DHS because it had already begun using measures suggested by the agency, according to Kemp.
“I urge state and local election officials to seek our cybersecurity assistance. So far, 21 states have contacted us about our services. We hope to see more,” Johnson said in September. “By its nature, the assistance DHS provides is upon request, and voluntary for the recipient.”
The states that asked for DHS assistance weren’t required to follow any of the directives from the agency.
“Under 18 U.S.C. § 1030, attempting to gain access or exceeding authorized access to protected computer systems is illegal,” Kemp wrote. “Given all these facts, a number of very important questions have been raised and deserve your attention.”
