With a contentious race for the American presidency underway and fears of foreign influence in electoral politics growing, state governments are looking for ways to bolster their position before voters hit the polls. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) recently published its 2020 election security strategic plan to help meet that mission, outlining how it hopes to assist states before this year’s presidential contest unfolds. That assistance will come in a number of forms: engaging the nation’s some 8,000 election jurisdictions with planning and response capabilities; facilitating coordination between various state, local and private stakeholders; and deploying personnel to offer assessment and testing of voting infrastructure, including cyberhygiene and penetration tests. At the same time, CISA is also offering assistance to political campaigns and infrastructure, giving security assessments and information sharing services to them, while also highlighting the work of other important intelligence organizations like the Multi-State Information Sharing and Analysis Center and the Elections Infrastructure Information Sharing and Analysis Center. The CISA report also shines a spotlight on a number of states that are currently role models for election security practices.
One of those states is Illinois, a state which was among the dozen or so hacked by Russian agents during the 2016 election, but has since rebounded by implementing programs like its now renowned Cyber Navigators.
Launched in 2018 with the help of a $13 million federal grant from the Help America Vote Act (HAVA), the program gives the state’s 108 regional election officials the tools they need to defend themselves by connecting them with security experts who can advise on best practices.
The Navigators program is run out of the Department of Innovation and Technology (DoIT) and overseen by the Board of Elections’ Cybersecurity Information Sharing Program (CISP). Navigators assist with a number of tasks, including cyberhygiene reviews of infrastructure, guidance on software patching, and review or development of incident response policies.
Neil Herron, a CISP manager and one of the primary architects of the program, said that the biggest challenges for the state’s counties are the same ones that communities face across the country: lack of staffing, security awareness and funding.
“In a lot of areas that hardest part is just getting an IT staff. A lot of them don’t have money for an IT staff,” he said, speaking with Government Technology.
Herron, a former Navy officer with a background in cryptology, works within CISP alongside DoIT and the Navigators on a number of tasks, including maintaining relationships with election officials, sharing best practices, and communicating threat intelligence between them and federal and state partners.
Herron says while securing the state’s voting infrastructure is a big concern, one of the things he worries most about is something he ironically has little control over: foreign influence campaigns conducted through social media.
“Just confirmation bias alone makes us want to fall for some of the stuff they put out,” he said. “That’s the whole thing with Russia specifically: their goal is to push the wedges, to widen the divisions that we already have in society … Which is really something that [enemies] have always done, but it’s just easier now because of the Internet.”
Full Article: DHS Publishes 2020 Strategic Plan for Election Security.