Security Experts:

Connect with us

Hi, what are you looking for?



Bipartisan Legislation to Require DHS Alerts on Election Hacking

Bipartisan legislation formally unveiled this week would require the Department of Homeland Security to send notifications on breaches affecting the election systems. 

Bipartisan legislation formally unveiled this week would require the Department of Homeland Security to send notifications on breaches affecting the election systems. 

Unveiled by U.S. Reps. Michael Waltz (R-Fla.) and Stephanie Murphy (D-Fla.), the legislation would require DHS to inform state and local officials and certain Members of Congress, as well as potentially affected voters.

The legislation, H.R. 3529, the Achieving Lasting Electoral Reforms on Transparency and Security (ALERTS Act), follows reports on Russian hackers gaining access to the computer networks of two Florida counties prior to the 2016 U.S. election. 

“It has now been nearly two months since Florida delegation members were briefed by the FBI on the two hacked counties in Florida – and the voters in these counties still don’t know if Russians have accessed their personal data,” Waltz said. 

The bill would require federal officials to promptly alert appropriate state and local officials and Members of Congress when there is credible evidence that an election system has been breached and voter information believed to have been altered or otherwise affected. 

State and local officials would then be required to alert potentially affected voters of the incident. 

A narrow exception is created for public alerts if such notifications are determined to potentially compromise intelligence sources or methods, or to negatively impact ongoing criminal investigations. 

18 other Members of Congress cosponsored the bill, namely Florida Reps. Vern Buchanan, Charlie Crist, Ted Deutch, Mario Diaz-Balart, Matt Gaetz, Brian Mast, Debbie Mucarsel-Powell, Donna Shalala, Darren Soto, Ross Spano, John Rutherford, Debbie Wasserman Schultz, and Ted Yoho, along with Reps. Jodey Arrington (Texas), Brian Fitzpatrick (Pa.) and Kendra Horn (Okla.).

A March 2019 report concluded that, in the months leading to the 2016 election, Russian military intelligence officers sent spearphishing emails to more than 120 email accounts of Florida county elections officials. Thus, the network of at least one Florida county government was compromised in the attack.

In May, during a classified briefing with the U.S. Department of Justice (DoJ) and the Federal Bureau of Investigation (FBI), the Florida congressional delegation learned that Russia infiltrated a second county. 

“We need a notification standard for election hacks, which will increase public transparency on the vulnerabilities of our election infrastructure and help strengthen our democratic process,” said Murphy. 

“The FBI’s notification protocol is inadequate and unacceptable. Voters and state and local officials have the right to know when personal information has been compromised,” Waltz said.

Related: Russia Effort in 2016 US Election Was ‘Vast,’ ‘Professional’

Related: Florida Effort to Block Election Hacking Gets Extra $2M

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...