Federal Politics

Published — August 20, 2015 Updated — October 21, 2015 at 3:17 pm ET

Federal Election Commission refuses to release computer security study

Flaws in election regulator’s systems highlighted in Center for Public Integrity story

Introduction

Next to the Federal Election Commission’s front door is a quotation from former U.S. Supreme Court Justice Louis Brandeis: “Sunlight is said to be the best of disinfectants.”

But the agency is refusing to uncloak a pricey, taxpayer-funded study that details decay in the security and management of its computer systems and networks, which the Center for Public Integrity revealed had been successfully infiltrated by Chinese hackers in October 2013.

The report — known within the FEC as the “NIST study” — also provides recommendations on how to fix the FEC’s problems and bring its computer systems in line with specific National Institute of Standards and Technology computer security protocols.

In denying the Center for Public Integrity’s Freedom of Information Act request for a copy of the study, the FEC primarily cited the “deliberative process privilege” in federal law, which is designed to “prevent injury to the quality of agency decisions.”

The Center for Public Integrity has appealed the decision of the FEC, which is responsible for enforcing and regulating the nation’s election laws and providing timely public disclosure of fundraising and spending by thousands of federal political candidates and committees.

The Center for Public Integrity did obtain through its Freedom of Information Act request 18 emails that together indicate top FEC staffers have for months considered this study — and the safety issues it addresses — a top priority.

FEC Chairwoman Ann Ravel, a Democrat, said Thursday that the FEC is not releasing the study because “the concern is that it contains information that details potential vulnerabilities.” She added that she believes, “without question, that the agency will be more secure” when it fixes problems pointed out by the study’s findings.

Ravel declined to discuss commissioners’ deliberations on the security study. Vice Chairman Matthew Petersen, a Republican, did not return a request for comment, nor did Commissioner Lee Goodman, a Republican who served as FEC chairman when the agency commissioned the study.

But Ravel confirmed that commissioners in July reviewed the study, which had been overseen by FEC Staff Director and Chief Information Officer Alec Palmer and conducted by Luray, Virginia-based consulting firm SD Solutions LLC.

An FEC employee familiar with the matter said commissioners in July conducted a closed-door meeting and approved hiring an outside firm to implement the study’s various recommendations. In a separate July meeting, the commission’s finance committee approved spending about $400,000 to pay for security improvements. Hiring a contractor remains a work in progress, the source said.

The security study itself wasn’t cheap: The FEC on Aug. 15, 2014, paid SD Solutions LLC $199,500 for what’s described in federal contract records as an “information technology gap analysis.”

A “gap analysis,” in government parlance, compares some aspect of a federal agency’s actual performance with what an agency would consider ideal performance.

Less comprehensive reports on the FEC’s security systems, including a broad annual survey of agency operations by contractor Leon Snead & Co., have highlighted notable flaws in the FEC’s computer and information technology systems.

“Without adopting and implementing National Institute of Science and Technology minimum security controls, the FEC’s computer network, data and information is at an increased risk of loss, theft, manipulation, [and] interruption of operations,” Leon Snead & Co.’s 2012 report stated.

FEC officials bristled at such assertions, saying its “systems are secure.”

Revelations in December 2013 about the Chinese hacking incident, which crippled its computer systems, changed the agency’s attitude.

Ravel acknowledged that “there was a lot of internal discussion” by FEC officials about security, and by early 2014, Goodman and Ravel — often at odds with one another politically and ideologically — said they were united in improving the FEC’s computer systems.

From there, the agency made steady progress toward improving its computer security.

It quickly began hiring new IT staffers.

In March 2014, the FEC requested Congress allocate it $1.51 million to address its obsolete computer systems.

And come the summer of 2014, the agency was seeking a contractor to comprehensively review those systems. It hired SD Solutions LLC to do the work.

In an email on Aug. 21, 2014, Palmer, the FEC’s staff director and chief information officer, told Goodman and Ravel that his staff was preparing for the study by “working on the timeline of all security related improvements and activities over the past 9 months and timeline related to the NIST study.”

On Oct. 31, Palmer thanked Deborah Tibbs, his special assistant, for attending a training course that would aid her in helping manage the study’s contract.

“We all know how critical this is in improving our security posture here at the FEC,” Palmer wrote Tibbs.

Contractor SD Solutions LLC appears to have completed its work this spring. On June 10, Palmer asked FEC Chief Information Security Officer Esteve Mede for an update on the study’s status.

“[W]e need to get the recommendations into the hands of the commissioners by the end of this month including all the cost related issues benefits risks etc. so they can make a decision and then we can set up a contract for execution before the end of the fiscal year,” Palmer wrote.

By June 29, Palmer was racing to present the study’s findings to the FEC’s six commissioners. He emailed five colleagues to ask if he could cancel a meeting with them.

“I need every minute I can get to complete the NIST recommendations (from the NIST study) for Commission review by the middle of the week.

On June 30, Palmer sent FEC commissioners several documents, including security recommendations made by contractor SD Solutions LLC.

“These documents are not to leave the FEC,” Palmer wrote.

Shortly afterward, Shana M. Broussard, an aide to FEC Commissioner Steven Walther, emailed Palmer for additional information. She also alerted Palmer that Walther might “take you up on your offer to meet” about the study prior to a July 15 meeting of the commission’s finance committee.

On July 2, Palmer sent FEC Commissioner Steven Walther an email titled “*Confidential: Fw: NIST Study and Recommendations – Confidential Documents.” The documents were not included in the FEC’s FOIA request response.

The National Institute of Standards and Technology said it did not possess a copy the FEC’s study, and therefore, could not provide it in response to a separate Freedom of Information Act request from the Center for Public Integrity.

This story was co-published with Poynter.

Read more in Federal Politics

Share this article

Join the conversation

Show Comments

11
Leave a Reply

avatar
9 Comment threads
2 Thread replies
1 Followers
 
Most reacted comment
Hottest comment thread
8 Comment authors
SOUTH JERSEYTed SiroisMark SullivanTom LarkinAnonymous Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
Mark Sullivan
Guest
Mark Sullivan

Trump needs to conduct these activities because the entire MSM media, excluding Fox, is campaigning against him 24/7/365.

Didn’t Monica’s boyfriend’s wife and various criminal enterprises outspend Trump by almost 2-1?

CapitalistRoader
Guest
CapitalistRoader

Why wouldn’t he get an early start on fund raising? Hillary outspent him two-to-one in 2016. The Dem’s are the party of big money. The President knows this and is attempting to get a jump on it. Of course the Dem candidate will outspend him in 2020 so it’s only rational that he starts fund raising now.

George Young
Guest
George Young

Oh brother. We just 8 years of the Campaigner – in – Chief. Where was this journalistic rectal thermometer then. Just another article about 2000 words too long that merely takes another slap at Trump for something he far from initiated.

j stevenson
Guest
j stevenson

The big difference between Trump and all the rest is his refusing to accept funds from lobbyists, so they don’t have the White House access they are used to. These are the donors who buy the presidency and are as pixxed off that he won the election as are the media and the Dems. Lobbyists have never been shut out of the WH and Trump has told them he is not for sale.

jan v
Guest
jan v

all the lobbyists are running all our government agencies and all the career civil servants who know how to run the country have been fired. YOU think this is a good thing ? what a crock…

thomas alessi
Guest
thomas alessi

I am for Trump

Anonymous
Guest
Anonymous

Trump needs to be impeached and tossed in prison. Then have the key thrown away so he will never be free. Then he can see how it feels not to have freedom.

Mark Sullivan
Guest
Mark Sullivan

Thank you for the usual insightful leftist low IQ Snowflake response.

barney
Guest

hes not imprisoning them hes sending them back to their country chill tf out

SOUTH JERSEY
Guest
SOUTH JERSEY

WHY DONT YOU HAVE FREEDOM?

Tom Larkin
Guest
Tom Larkin

First, something positive. I was happy to learn of empirical information in article. BUT, the article was so slanted against President Trump as to be deemed fake news (“Perhaps Trump just lied.” (Two different issues)). The article mentions that President Trump raised over $67 million, but ended 2018 with $19 million. President Trump spent over $40 million 2016 and 2017. President Trump conducted 57 political rallies. The article notes the hats and T-shirts sold, but NEVER MENTIONS THE INCREASE IN THE NUMBER OF REPUBLICAN SENATORS during a mid-term election that lost the House and the number of political rallies in… Read more »

Ted Sirois
Guest
Ted Sirois

At least Trump is getting donations from willing donors. Fresh from his first election, Obama used billions of our children’s tax dollars to save thousands of union jobs in the car industry and bailed out the banks and many Wall Street businesses. This secured his source of reelection funds for his reelection four years later.

South Jersey
Guest
South Jersey

TRUMP 2020; IS AN AMAZINGLY SMART MAN! VERY ORIGINAL & CREATIVE. I AM HAPPY TO HAVE HIS AS POTUS.

SOUTH JERSEY
Guest
SOUTH JERSEY

THIS ARTICLE WAS OBVIOUSLY WRITTEN BY, A TRUMP-HATE-GROUP. THAT FEELS; IT IS NOT NORMAL TO BE SUCCESSFUL WITH YOUR OWN BRAND NAME. WHEN, IF FACT, IT IS NORMAL! >>>>> THIS IS >>> FAKE NEWS!!! <<<< ie: A PACK-OF-LIES; SPUN INTO; DEFAMATION OF CHARACTER. FOR A SINISTER-AGENDA OF; FASCIST DEMOCRATIC SOCIALIST, COUP D'ETAT

David
Guest
David

Are you on some kind of drugs? Writing in caps makes me think that you are grumpy old fart or a uneducated hillbilly.