The Federal Election Commission (FEC) is refusing to release an internal study of its vulnerable computer network, which Chinese hackers infiltrated two years ago.
The Center for Public Integrity, which revealed the hacking from October 2013, filed a Freedom of Information Act request to see a nearly $200,000 study performed by an outside company, SD Solutions, but the FEC rejected the request. That study reportedly discusses the security flaws in the FEC computer network and provides recommendations for fixing them.
FEC Chairwoman Ann Ravel told the center it would not publish the study because “the concern is that it contains information that details potential vulnerabilities.”
The agency is moving forward with fixing its computer problems. The center learned that commissioners moved last month to hire an outside firm to implement the study’s recommendations, but the agency has not yet decided whom to hire. The FEC has approved spending about $400,000 on the upgrades.
The Chinese cyber attack reportedly crippled the commission’s systems that inform the public about the billions of dollars raised and spent each election cycle by candidates, parties and political action committees.
Before the attack, other audits had raised concerns about the FEC’s computer system. “Without adopting and implementing National Institute of Science and Technology minimum security controls, the FEC’s computer network, data and information is at an increased risk of loss, theft, manipulation, [and] interruption of operations,” according to contractor Leon Snead & Co.’s 2012 report. The FEC’s response was that its “systems are secure.”