Apr 10 2020

The Role DHS Can Play in Election Security

DHS can play an advisory role in helping state and local governments bolster their cybersecurity ahead of November.

Voting and the integrity of the democratic process are integral aspects of American society and need protection as much as the country’s electrical grid, water supply and financial system. 

As Americans across the country continue to cast votes in the presidential primaries, whether by mail or in person, the Department of Homeland Security says it is much better positioned to tackle election interference and hacking than it was in 2016. 

Numerous agencies — including DHS, the Justice Department, the State Department, the National Security Agency and the FBI — recently released a statement highlighting their coordination and warning that “foreign actors continue to try to influence public sentiment and shape voter perceptions.” Attackers are likely not only to target voter registration databases and vote tallies but also to try to manipulate voters by spreading deepfakes on social media.

DHS’ Cybersecurity and Infrastructure Security Agency (CISA) has been coordinating closely with the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC), run by the Center for Internet Security, to establish channels of communication with state and local government agencies and offices.

CISA also recently released a 58-page guide, its “Elections Cyber Tabletop Exercise Package,” which it calls a “tabletop in a box.” The guide is designed to allow state and local officials to conduct election security drills simulating phishing and ransomware attacks, corrupted voter registration information, disinformation campaigns, and attacks on voting equipment. 

The Nature of the Election Security Threat

Election administrators and cybersecurity officials say that one of the main threat vectors is external attacks, including those from nation-state actors.

CISA is working with 8,800 election jurisdictions to put in place risk assessments and other cybersecurity procedures, CISA Director Chris Krebs said in February at the 2020 RSA conference, according to Government CIO. The agency is still emphasizing paper backups for voting machines but is also pushing state and local agencies to implement security protections for voter registration databases. 

“We tried to figure out where the risk really is across these systems,” Krebs said. “What we discovered, not surprisingly, is the areas where information is centralized, and it’s highly networked — that’s where the risk is. And where is that? Voter registration databases.” Krebs warned that the threat of ransomware attacks against voter registration databases is a key concern, according to Business Insider. CISA is working with state and local law enforcement to combat the threats. “We can figure this out together,” he said at the RSA conference, Business Insider reports.

Election officials need to make sure that they are protecting their data centers with next-generation firewalls and packet-level inspection to ensure that malicious actors are not getting through. 

Another element of the threat is insider attacks. Even the best defenses can’t guarantee security against insider threats. 


How DHS and Other Partners Can Help

DHS and others are offering clear solutions to these threats. 

As Politico reports, newly proposed voluntary voting system guidelines from the U.S. Election Assistance Commission advisory group will “require voting machines and ballot scanners to be air-gapped from networked devices, such as e-poll books that access voter registration databases.”

In addition to cybersecurity assessments and information sharing, CISA can provide services such as Continuous Diagnostics and Mitigation (CDM). CDM “enables network administrators to know the state of their respective networks at any given time, thus reducing the attack surface of their networks; informs on the relative risks of threats; and makes it possible for system personnel to identify and mitigate flaws at near-network speed.”

CISA also offers intrusion detection and prevention services through approved service providers; incident response, management and coordination activities for cyber incidents occurring in the critical infrastructure sectors; and dynamic analysis of malicious code.

Another way to combat insider threats is through an approach known as Security Management Infrastructure, a modular security approach that combines incident detection, analysis, correlation and reporting; behavior analysis; intrusion detection; autonomous collection, analysis and reporting; and continuous monitoring of key assets.

A dashboard summarizes security events, risks and alerts in real time and gives security analysts constant visibility into an agency’s network. The solution can alert analysts to any deviation in user behavior or system security so that analysts can respond quickly. 

All state and local election officials need to be on alert ahead of November. Thankfully, they have a clear and capable partner in DHS and in private sector vendors. 

Neil Jenkins, the chief analytic officer at the Cyber Threat Alliance, notes that “election officials are in a much better place in 2020 than they were in 2016.” 

“It takes time to build partnerships and trust,” Jenkins says. “DHS has worked hard to be responsible stakeholders with the election community, and election officials are doing everything they can to improve their security and resilience in combination with the federal government and the EI-ISAC.”

This article is part of FedTech’s CapITal blog series.
