State election officials had more questions than answers after a Department of Homeland Security presentation explaining why election systems should be deemed critical U.S. infrastructure. Geoff Hale, DHS’ cybersecurity strategy and integration program manager, outlined the changes and benefits that the recent designation provides during a Feb. 14 Election Assistance Commission meeting. The primary benefits, Hale said, are added protections against nation-states, guaranteed priority in DHS assistance requests and greater access to information on vulnerabilities. “Without institutionalizing this through a designation of critical infrastructure, there’s no guarantee the services would be available,” he said. “Being critical infrastructure, there are a set of international norms that” prevent countries from attacking these networks, said Hale. “And potentially waiting nine months for a risk and vulnerability assessment may not work on a procurement timeline” for election officials. Hale also stressed that the “full threat information” available to states that opt in for DHS assistance is not subject to state sunshine laws or Freedom of Information Act requests.
In advance of the 2016 general election, several states including Georgia objected to the idea of a critical infrastructure designation, but most worked with DHS to make sure their voting systems were secure.
Some state officials at the Feb. 14 event continued to question the need for the designation, and pressed Hale about DHS’s specific plans to reach out to election officials.
Hale suggested the next step for DHS likely would be to set up a group of cybersecurity experts to engage willing local officials. However, he said he did not have a timeline as to when outreach might begin and was not yet sure what the engagement with election officials would look like in practice.
Full Article: DHS vague on rules for election aid, say states — FCW.