The Hunt and Incident Response Team from the National Cybersecurity and Communications Integration Center was deployed in August to offices in Annapolis, Maryland, at the request of state officials to examine the state's election infrastructure network enclave.
ANNAPOLIS, Md. (AP) — A U.S. Department of Homeland Security team found no evidence of intrusion on Maryland’s election system after the FBI told state officials that a company hosting certain elections systems had been acquired by a firm partly owned by a Russian oligarch. Still, the state’s elections board announced Thursday it will transition to a new data center “out of an abundance of caution.”
The Hunt and Incident Response Team from the National Cybersecurity and Communications Integration Center was deployed in August to offices in Annapolis, Maryland, at the request of state officials to examine the state’s election infrastructure network enclave, which is hosted and maintained by Annapolis, Maryland-based ByteGrid.
“During the course of the on-site engagement, HIRT did not positively identify any threat actor activity on the MDSBE, ByteGrid, or Enclave networks,” concluded the 15-page report released at the elections board’s meeting Thursday.
The board said while the report’s findings were good, the state will transition to a new data center for its elections systems.
“We are taking this decisive action out of an abundance of caution and have started the process to transition to a new data center and have a contract with a cybersecurity and technology firm to help us transition to a new data center,” the board said in a statement on its website. “This plan will alleviate our concerns with the current ownership of our hosting vendor and demonstrates our commitment to having the most secure election systems possible.”
Maryland officials asked for an evaluation of its election systems after learning in July about a transaction between a venture fund with Russian ties and a company involved in the state’s election infrastructure. The company, ByteGrid, did not disclose to state officials that it is financed by AltPoint Capital Partners, whose largest investor is Vladimir Potanin, a Russian oligarch who has close ties to Russian President Vladimir Putin. The FBI said at the time that they had no evidence of wrongdoing and notified the state elections board.
While onsite at the offices of the elections board and ByteGrid, the team searched for known malicious activities, including Russian state-sponsored cyber activity and North Korean state-sponsored cyber activity, the report said. The team also searched for known malicious cyber activities related to the Russian government targeting U.S. critical sectors, including elections infrastructure and energy, the report said.
The team also searched for patterns of activity that resembled common threat tactics, techniques and procedures, including unusual or unauthorized remote access and activity from unusual locations, the report said.
The report also made recommendations to “strengthen the overall resilience of these networks.” The recommendations relating to sensitive information about the elections network were redacted in the report made public to protect the systems and data, said Nikki Charlson, the board’s deputy administrator, though members of the state elections board have access to the recommendations.