Primaries Present Initial Test of Cybersecurity Efforts
DHS agency is working to support states’ voting security amid the pandemic and civil unrest.
Ten states and Washington, D.C., held primaries on June 2 as part of this year’s presidential and local election cycle. Along with other federal stakeholders, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, known as CISA, has the role of helping to protect American’s confidence in the voting process by providing cybersecurity and a secure voting infrastructure.
Primaries were held in Washington, D.C., Indiana, Iowa, Maryland, Montana, New Mexico, Pennsylvania, Rhode Island and South Dakota on Tuesday, where voters faced the continued COVID-19 pandemic—although under slightly different conditions from earlier primaries in the spring before states began recent reopening processes, explained senior CISA officials in a call with the media about their election security efforts. “We are in a reopening phase generally across the country,” one official stated. “And the second part is of course the ongoing civil unrest across the country.”
The increasing social unrest in response to police brutality provides another challenge to election officials, the representative said. In some locations, voting centers have to had coordinate with officials about local curfews, providing voter safety and increased mail-in balloting.
On Tuesday, CISA provided a cyber situational awareness room for local agencies to use, and many did on the day of the primaries, the agency indicated. “Of course, within that room we also have our partners from the Election Infrastructure ISAC [Information Sharing and Analysis Center], as well as the EAC [Election Assistance Commission], the FBI and other agencies,” the official said. “And we're seeing our partners being able to work with us quite effectively in this kind of different operating environment.”
On the classified side, cybersecurity monitoring to detect any nefarious activity also continues with intelligence community partners, another CISA official explained. In addition, the District of Columbia and every state does have cyber intrusion detection systems in place and each one is receiving some kind of service from CISA, the official noted, adding, “So, we're in a in a good spot in terms of visibility.”
In regard to COVID-19, the pandemic naturally has required a bit of a shift in CISA’s approach, the official acknowledged, saying, however, that the agency was a bit ahead of the game as far as the related digital transformation. The agency is relying more on unclassified operations, which is making a difference insofar as its ability to increase its interactions with the election community to heighten cybersecurity. “We believe it allows us to act in a more open, nimble environment, and allows us to get services and information to our customers rapidly.”
In addition, CISA released the first package of cybersecurity instruments in its series of six Cyber Essentials Toolkits on May 29, a follow on from its initial Cyber Essentials released late last year. The new toolkit represents a starting place for local and state governments and small businesses “to understand and address cybersecurity risk as they do other risks,” according to CISA.