The state of Georgia is asking President-elect Donald Trump to investigate what it described as "failed cyberattacks" on its secretary of state's network that it traced to the Department of Homeland Security.
In a letter Tuesday, Georgia Secretary of State Brian Kemp said his staff has uncovered nine more instances this year in which computers they traced back to DHS apparently attempted to infiltrate the state's network between Feb. 2 and Nov. 8. His letter followed earlier complaints that his office had detected what it called "a large attack on our system" one week after the presidential election. Trump's transition team did not immediately respond to a request for comment.
Kemp said the additional scanning activity from Washington didn't raise major red flags because it was considered less intrusive, but he said the timing was concerning because it corresponded to dates and times he spoke critically about the department's plan to designate elections systems as "critical infrastructure."
The dates include the date Kemp testified against the agency's plan before the House Oversight Committee, the day of a conference call discussing the designation a critical infrastructure designation with Georgia officials and Election Day, he said.
Discussions about whether to designate elections systems as critical infrastructure surfaced after hackers targeted the voter registration systems of more than 20 states in the months prior to the election. Some state officials worried the designation would amount to a federal takeover of election systems.
Kemp testified Sept. 28 before a House Oversight subcommittee, saying more federal oversight could make systems more vulnerable and could make protected records more accessible. He said the Homeland Security proposal came from "an agency completely unfamiliar with the elections space and raised the level of public concern beyond what was necessary."
Unbeknownst to him at the time, he wrote, his network had been scanned hours prior to his testimony.
There are currently 16 sectors considered critical infrastructure, including energy, health care and transportation. The designation means the secretary is required to conduct comprehensive assessments of vulnerabilities and track and provide information on emerging and imminent threats.
Kemp, who is a member of the U.S. Election Infrastructure Cybersecurity Working Group run by DHS, first wrote the agency on Dec. 8 accusing it of apparently trying to hack his network to test its security on Nov. 15.
Homeland Security Secretary Jeh Johnson sent Kemp the results of an initial review Monday about the computer Georgia believes was involved.
The workstation belongs to a contractor for the Federal Law Enforcement Training Center in Georgia, Johnson said. The contractor told investigators he was accessing the website as part of his normal job duties to determine whether incoming contractors and new employees had a certain type of professional license, Johnson said.
Johnson said technical information indicated "there was no scanning of your systems by our cybersecurity experts."
A department official told The Associated Press last week that the employee's system was configured in a way that caused Georgia's outside security vendor to misinterpret the visit as a scan of its systems. The official spoke on condition of anonymity because this person was not authorized to publicly discuss preliminary findings.
Kemp said his staff was unable so far to confirm the explanation. "There are still many questions regarding the origin and intent of this attack that remain unanswered," he said.
Georgia was one of two states that did not accept offers by DHS to scan their network ahead of the presidential elections. The FBI warned state officials of the need to improve their election security after hackers attempted to hack systems in Illinois and Arizona months before the election.