FBI to now notify state officials of cyber breaches

The FBI on Thursday announced a new policy intended to “clarify and guide timely” notification of state and local election officials of any cyber intrusions, marking a major shift three years after Russian intrusions during the 2016 elections.

The new internal policy mandates that a state’s chief election official and local election officials involved be notified as quickly as possible of any credible cyber threats to election infrastructure. It prioritizes working with other federal agencies, including the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), to notify these officials.

The previous policy of the FBI was to notify direct victims of a cyber intrusion, but not always state officials, a stance politicians have protested against, particularly in the wake of findings from former special counsel Robert Mueller that Russians were able to infiltrate systems in at least one Florida county in 2016.

The FBI wrote in a statement announcing the new policy that “decisions surrounding notification continue to be dependent on the nature and breadth of an incident and the nature of the infrastructure impacted.”

The agency added that “it is the intent of the FBI that this new policy will result in increased collaboration between all levels of government for the integrity and security of U.S. elections.”