The Homeland Security Department wants to surge its ability to train critical infrastructure owners and operators on cybersecurity, according to a contracting document released Wednesday. The department is seeking a video conferencing service that it can use to provide cybersecurity webinars to 5,000 or more critical infrastructure operators simultaneously, according to the contracting document. The term critical infrastructure refers to 16 sectors the government has determined are vital to the nation’s successful operation. They include hospitals, banks, energy plants, dams and transportation hubs such as airports and train stations. The department officially designated election infrastructure, such as voting machines and voter rolls, critical infrastructure in January 2017, after Russian efforts to breach those systems during the 2016 elections.
The biggest concern for election security isn’t about Election Day — it’s about the day after, Department of Homeland Security Secretary Kirstjen Nielsen said. “My biggest concern is that a foreign entity will take the opportunity after the election, or the night of the election, to attempt to sow discord through social media by suggesting that something’s not working as it should in a particular area,” Nielsen said Friday morning at a Council on Foreign Relations event in New York. The conversation with Nielsen about comes just four days before Election Day and amid major DHS efforts to protect the US elections from foreign interference. That includes assisting election officials in all 50 states, creating its own center toprotect critical infrastructure, and attending Defcon to learn about voting machine flaws. While DHS is working to protect the machines and make sure voting officials are prepared, it’s that wave of disinformation on social media that’ll follow the election that Nielsen’s most worried about.
National: Fewer than half of US states have undergone federal election security reviews ahead of midterms | ABC
With only a week left before the 2018 midterm elections, fewer than half of U.S. states have submitted to a Department of Homeland Security assessment of their vulnerabilities to vote hacking. Under the department’s National Protection and Programs Directorate, the agency branch that coordinates cyber protection of U.S. infrastructure, a team of DHS officials are prepared to examine statewide election systems. They can check for cybersecurity vulnerabilities and run in-person exercises like phishing tests to ensure election officials are prepared to guard against attempts to hack their email accounts. The Department of Homeland Security has already provided or is scheduled to provide the service, which is free for states that request it, to only 21 states, a department spokesman told ABC News, concerning election experts who fear some states may not be aware of potential vulnerabilities.
lection officials across the US are inundated and confused by the plethora of free cyber-security offerings that the private sector has made available in the past months, a Department of Homeland Security official said last week. … But while the actions of these companies were driven by a desire to help, a DHS official says these free offerings have managed to create confusion with some election officials. “So what we’ve seen is a lot of the cyber-security companies and the IT companies offering free services, which I think is a great move forward,” said Christopher Krebs, Under Secretary for National Protection and Programs Directorate at the DHS, in an interview on the Cyberlaw Podcast, last week.
National: Security Clearances Won’t Get in the Way of Responding to Election Cyber Threats, Officials Say | Nextgov
A lack of security clearances among some state and local election officials shouldn’t hinder the Homeland Security Department from responding speedily to Election Day cybersecurity threats, the department’s top cyber official said Wednesday. Even if state and local election officials don’t have the necessary authorizations to view a particular piece of threat information, Homeland Security Undersecretary Chris Krebs said he’s confident those officials will start trying to mitigate the threat if he asks them to. “I’m confident that if I had a piece of information right now …I could say: ‘Look, I’ve got something you need to see. You need to take action. It’s going to take me a day or two to get you the information, but, in the meantime, you need to take action,” Krebs during an election readiness summit hosted by the Election Assistance Commission.\ “We have trust established so there would be at least the beginning of an article of faith that they would do something,” he said.
A month out from the 2018 midterms, all eyes are on the Department of Homeland Security as it approaches its first real test since being given a broader election security mandate in the wake of the 2016 presidential elections. Speaking at a cybersecurity event hosted by the Washington Post, DHS Secretary Kirstjen Nielsen highlighted improvements in information sharing across the federal government and with state and local officials as well as closer relationships with stakeholders that will lead to faster coordination in the wake of an emerging threat. “First of all, the information sharing is much stronger than it even has been before,” said Nielsen when asked what had changed in the department’s approach since 2016. “So [we’re] working very closely with the intel community, and the moment that we see something significant we are — in conjunction with the IC — sharing with our state and local partners. The sharing is quicker, faster, more tailored.”
DHS will boost coordination and information sharing efforts on election security threats later this month in the run-up to the midterms, a senior agency official said Tuesday. The “heightened operational posture” will take effect Sept. 21, as absentee ballots begin streaming in, Bob Kolasky, director of DHS’s new National Risk Management Center, told reporters after a panel discussion at the Intelligence and National Security Summit in National Harbor, Md. The agency’s Election Task Force “continues to be the hub of DHS election activity,” according to Kolasky. But there will be “enhanced coordination” and “heightened information sharing” among the department’s various agencies and partners, including the Defense Department, 45 days before voters go to the polls, Kolasky explained. He noted that while the increase is in part time-driven, there are no plans “to change the nature of how we work with states in the run-up to the elections.”
National: DHS chief calls on officials in all 50 states to have ‘verifiable’ ballots by 2020 election | The Hill
Homeland Security Secretary Kirstjen Nielsen on Wednesday called on election officials in all 50 states to ensure that ballots used during the 2020 presidential election are able to be audited. Nielsen told a group of reporters touring the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) in Arlington, Va., that she wants “all state and local election officials to make certain that by the 2020 presidential election, every American votes on a verifiable and auditable ballot.” “Our systems must be resilient. We must be able to demonstrate that the votes count and that they are counted correctly,” she added.
With all the concern over cybersecurity heading into the midterm elections, it’s actually quite difficult for outsiders to directly manipulate votes. Unlike corporate networks and email systems, voting machines aren’t connected to the internet, making them hard to access. So as government officials prepare for the hotly contested congressional elections in November, their focus is more on protecting the integrity of the systems that support the pre- and post-voting periods than on the ballots themselves. “This is about more than just voting machines,” Jeanette Manfra, the top cybersecurity official at the Department of Homeland Security, told CNBC in an interview on Wednesday. “If an [attacker] was intent on sowing discord, how could they do that? It involves us looking at the broad elections administration process.”
National: DHS works to strengthen election security on heels of bipartisan legislation | BiometricUpdate
What one congressional observer called, “a day late and a dollar short,” the bipartisan Prevent Election Hacking Act of 2018 (HR 6188) was recently introduced and referred to the House Committee on House Administration. If passed, it would “direct the Secretary of [the Department of] Homeland Security [DHS] to establish a program to improve election system cybersecurity by facilitating and encouraging assessments by independent technical experts to identify and report election cybersecurity vulnerabilities, and for other purposes.” An industry cybersecurity official said on background to Biometric Update that, “HR 6188’s potentially ground breaking — sorry, overstated deliberately — concept of outsourcing cybersecurity execution to the private sector is something worth looking into.”