The Cybersecurity and Infrastructure Security Agency (CISA) remains highly confident in the agency’s efforts to defend against nation-state cyber threats including those targeting U.S. elections and supply chains, a senior CISA official said today.
“I remain very, very confident that the tally of votes – the actual vote count itself – will be faithful to what the voter actually put in the machine,” CISA’s Assistant Director for Cybersecurity Jeanette Manfra said at the Washington Post Live Cybersecurity Summit.
CISA’s lessons learned from the 2016 U.S. elections include maintaining good visibility, making sure communications protocols are well understood, and engaging the public with truthful information about the election process, she said.
When asked whether the public should be concerned about election vulnerabilities, Manfra said it’s important to provide context to those concerns, and that CISA remains focused on any actors who may try to spread disinformation and dissuade people from voting.
The CISA official also addressed technology supply chain concerns regarding problematic companies including Kaspersky Labs and Huawei Technologies. She said that there are a lot of efforts ongoing in the software community to work on securing the supply chain, and continuing to look at sources of software and hardware.
Manfra emphasized that the U.S. can’t have a broad approach to supply chain “where you say everything from X country is bad” for economic reasons. Instead, CISA is looking at three components when dealing with procurement:
- Understanding the laws of the country where data comes from and where it’s stored;
- Understanding the level of access to your systems and data that the IT service or product has; and
- Having a more systemic and open process to looking at suppliers.