Former CISA Director Krebs again defends election security efforts

Chris Krebs, who was fired last month as director of the Cybersecurity and Infrastructure Security Agency by President Donald Trump after saying that the 2020 presidential election was “the most secure” in U.S. history, repeated that message as a private citizen Wednesday to the Senate Homeland Security Committee.

Speaking during a session that the panel’s chairman, Ron Johnson, R-Wis., convened for the purposes of “examining irregularities” with the Nov. 3 election, Krebs held up the work done by his former agency and by state and local election officials who spent nearly four years replacing voting equipment, refining security practices and ensuring that nearly every ballot cast was recorded on paper.

“There are a number of different computers, systems, machines involved in the entirety of the election process from registration to ballot design to ballot printing to actual voting, to tabulation,” Krebs said in response to Johnson asking about technologies used in the voting process. “But election officials are very careful that technology is not a single point of failure and that there are security controls before, during and after the process. As long as you have the paper — you can’t hack paper — you can run that process.”

While Johnson and some of his fellow Republican members — as well as other witnesses a group that included some of the attorneys who’ve represented Trump in his unsuccessful lawsuits seeking to overturn his electoral loss — brought up evidence-free claims of fraud, much of the hearing focused on the misinformation about the voting process that’s flooded social media in the weeks since Election Day, as well as the threats and harassment received by election officials.

Krebs said that while it’s “pretty straightforward” to debunk the claims, often promoted by the outgoing president and his supporters, that equipment manufactured by certain vendors switched people’s votes, their ongoing prevalence has had deleterious effects on democracy and on the people who conduct the election process.

“We’re past the point where we need to be having conversations about the outcome of this election,” Krebs said. “I think continued assaults on democracy, and the outcome of this election, is ultimately corrosive to the institutions that support elections.”

He singled out a 22-page report on voting machines in Antrim County, Michigan, that claimed there was a 68% error rate in the tabulation process. While the report has been cited by Trump as proof of malfeasance, Krebs said he could tell it was “factually inaccurate” when the report’s authors mistook a line of placeholder code present in Windows-based systems — Krebs is a former Microsoft executive — as something nefarious.

More election assistance grants

In between questions about misinformation and the authenticity of the Nov. 3 vote, Krebs did make a case for further federal investments in states’ election efforts, including a “steady stream” of funding, instead of the tranches of election assistance grants that’ve been handed out sporadically in 2018 and earlier this year.

That money, he said, could help “fully eradicate” the paper-free voting machines still used in a handful of states (about 95% of all ballots in 2020 had a paper record, according to CISA), and implement more advanced network security measures for systems like voter registration databases.

While Albert monitors, the network intrusion devices sold by the Center for Internet Security, which operates the Election Infrastructure ISAC, has given CISA and its partners “good insight” into election officials’ systems, Krebs told Sen. Rob Portman, R-Ohio, that additional funding could help states go further with tools like endpoint detection and response platforms with mitigation capabilities.

‘They’ve taken root’

But Krebs warned senators that despite the efforts by his former CISA colleagues and others to correct misinformation, the threats and harassment against election workers has only ramped up.

“It’s these fanciful claims of dead dictators and computer algorithms, and we’re debunking them because they’re nonsense,” he said. “But they’ve taken root and some people just don’t want to hear how these systems actually work.”

He cited a recent speech by Gabriel Sterling, Georgia’s voting systems implementation manager, about precinct-level workers and IT contractors being harassed. (Krebs has also been the target of death threats, and is currently suing a Trump campaign lawyer those statements.)

“The hundreds of thousands of election workers that risked their lives — and that’s not a joke, there’s a global pandemic — they went to work so that you and I could go vote,” Krebs said. “They had to deal with incredible adversity, and then at the end of it, risking their lives, they get death threats for doing their jobs, for standing up, speaking truth to power, putting country over party. That’s gotta end.”