Federal Leaders Lean In on Election Security
Rob Joyce, senior adviser for cybersecurity strategy to the director of the NSA, remains one of the most well-respected voices in federal cybersecurity. He recently retweeted comments from the NSA director, Gen. Paul M. Naksone (another FedTech Influencer), who noted that NSA and U.S. Cyber Command are squarely focused on ensuring “safe, secure and legitimate 2020 elections.”
Commander, US Cyber Command, & Director, @NSAGov, Gen. Paul Nakasone: "Our number one goal, our number one objective at the National Security Agency and USCYBERCOM: a safe, secure and legitimate 2020 elections" #AUSA
— @U.S.CyberCommand (@US_CYBERCOM) July 20, 2020
CISA Director Chris Krebs recently echoed that sentiment by highlighting his agency’s work with the EAC, NSA, FBI, Office of the Director of National Intelligence, National Association of State Election Directors and National Association of Secretaries of State. “#Protect2020 means ensuring American voters decide American elections,” Krebs tweeted.
#Protect2020 means ensuring American voters decide American elections. @CISAgov is proud to partner w/ @ODNIgov @EACgov @NASSorg @NASEDorg @FBI @NSACyber @US_CYBERCOM (and countless others!) to protect the 2020 election. https://t.co/mF6aKI438w
— Chris Krebs (@CISAKrebs) July 24, 2020
Krebs’s tweet promoted a statement from William Evanina, director of the National Counterintelligence and Security Center, in which he noted that election security remains a “top priority” for the intelligence community, which is supporting DHS and the FBI.
Evanina’s statement noted that it is imperative to “share insights with the American public about foreign threats to our election and offer steps to citizens across the country to build resilience and help mitigate these threats.”
Meanwhile, Matthew Masterson, CISA’s senior cybersecurity adviser on election security, tweeted a link to a CISA planning guide for election officials. “One of the simplest things an election office can do to #Protect2020 is creating or updating their incident response plans,” he noted.
One of the simplest things an election office can do to #Protect2020 is creating or updating their incident response plans. Check out this guide & workbook from @CISAgov to help you get started: https://t.co/AAi4qZxJJN
— Matthew Masterson (@mastersonmv) July 14, 2020
The guide and associated templates are “voluntary tools to help jurisdictions effectively recognize and respond to potential cyber incidents. Election offices can use this information as a basic cyber incident response plan or integrate it into a broader plan based on their specific needs,” states CISA.
The templates, which can be customized to meet the specific needs of each jurisdiction, include key stakeholders and contact information worksheets for incident notification and response.
They also include incident notification plans, “providing standardized procedures for notifying appropriate stakeholders of a potential cyber incident based on observed symptoms and level of criticality,” according to CISA. The plans offer state and local officials a list of incident indicators or symptoms that “system users can reference to detect potential cyber incidents and initiate” appropriate notification plans for escalation and reporting.