Comey Says FBI Takes State Election Board Hacks ‘Very Seriously’

A day after news broke that the FBI had detected hacks on two state Board of Election sites in July and August, FBI Director James Comey said the agency takes election cybersecurity “very seriously.”

“We take very seriously any effort by any actor, including nation-states, maybe especially nation-states, that moves beyond the collection of information about our country and that offers the prospect of an effort to influence the conduct of affairs in our country, whether that’s an election or something else,” Comey said. “Those kinds of things are something we take very, very seriously, and work very, very hard to understand so that we can equip the rest of our government on how to deal with it.”

Comey spoke Tuesday on the FBI’s relationship with the private sector and how both can better address the increasingly problematic cybersecurity issues facing both government and industry. He also addressed the debate over encryption, calling for a “mature conversation” about the issue, rather than taking extreme sides.

“Tech companies, last year, wrote a letter to the president that I found, honestly, depressing,” Comey said. “It was a letter that wonderfully described the benefits of encryption. And as I read it paragraph to paragraph I thought, ‘yup, absolutely, absolutely, that’s really, really important, that’s really, really important.’ And the letter ended without any acknowledgement of the cost of widespread, ubiquitous, strong encryption, especially by default.”

Comey acknowledged that strong encryption was important and something that he supported personally, but also that there was no such thing as absolute privacy in any part of America. Absolute encryption has created “shadowed areas” that law enforcement cannot access, regardless of whether they have a warrant.

“And my reaction to that was that either they don’t see the costs, or they’re not being fair-minded about acknowledging the costs, which is going to make the conversation even harder, and that’s a bit depressing,” Comey said.

Though he was critical of the tech industry’s stance on encryption, Comey also reached out to the private sector to encourage communication when a company encounters a cyberattack.

“We have to work better with the private sector to address these threats,” said Comey.

He added that often companies prioritize moving on with their operations, rather than going through the process of contacting and working with law enforcement.

“We need you to talk to us,” he said. “I actually think our long-term interests are the same, because you’re kidding yourself if you think that problem is going to go away and not return to victimize you.”

Comey pointed to ransomware, and the inclination to simply pay the ransom and move on, as a particular problem.

“We’re going to hound you, and explain to you over and over and over again why it’s in your interest, and why, as a matter of practice, we can work well together,” Comey said. He emphasized greater communication within the government as well, noting that different FBI offices, as well as state and local officials, should make more of an effort to work together on these problems.

Jessie Bur
About Jessie Bur
Jessie Bur is a Staff Reporter for MeriTalk covering Cybersecurity, FedRAMP, GSA, Congress, Treasury, DOJ, NIST and Cloud Computing.
No Comments

    Leave a Reply