Department of Homeland Security Secretary Kirstjen Nielsen said today that DHS’ National Cybersecurity and Communications Integration Center (NCCIC) will provide a resource center on Election Day that will actively respond to threats of cyber intrusion when voters go to the polls on November 6.
Nielsen, speaking at a Washington Post event, detailed how government-wide coordination on election security has made “tremendous strides” in the past few months, and expressed that she feels much more comfortable about security around critical infrastructure than in months prior.
“Everybody who’s part of the ecosystem can take pride,” Nielsen said of the recent achievements.
She provided statistics that back that claim, noting that in just six months, the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC) has become the “fastest growing ISAC we’ve ever seen.”
DHS established the EI-ISAC in March, tasking the nonprofit Center for Internet Security with running the coordinating body, which is open to “all state, local, tribal, and territorial government organizations that support the elections officials.” Nielsen said that EI-ISAC now boasts more than 1,000 participants.
Nielsen was pressed on how that number still doesn’t match the roughly 10,000 different election jurisdictions in the United States. She said that certain localities have chosen to do their own “organic” work to secure their election infrastructure. Others, she said, have hired third parties, but a great deal have chosen to coordinate with DHS.
Nielsen did however note that all 50 states are partnering with DHS, and part of that partnership includes the addition of “intrusion sensors” aimed to “supplement, but not replace” states’ individual efforts toward election security. Nielsen said about 90 percent of those voting on election day will be covered by the Albert sensors, which allow Federal authorities to oversee localities’ voting systems and detect potential hacks.
Regarding the range of election and other critical infrastructure security threats, Nielsen generally avoided specific references to government efforts to thwart would-be nation-state attackers, but did note, “The IC [intelligence community] is out there every day. I’m out there every day. NPPD [DHS’ National Protection and Programs Directorate] is out there every day.”
Regarding the latter organization, the conversation also shifted to legislation still languishing in Congress, the Cybersecurity and Infrastructure Security Agency (CISA) Act, which would rename NPPD and enshrine it as the Federal agency leader on cybersecurity and critical infrastructure. That’s a role NPPD is already performing today, Nielsen said.
Despite rumblings in the latter half of September about the Senate bringing a bill to elevate NPPD, no action has yet been taken in that chamber of Congress. The CISA Act passed the House in December 2017. Even Vice President Pence has voiced his desire to see it enacted.
Nielsen said she has heard no evidence that there are objectors to the potential legislation in the Senate, but suggested that the tight legislative calendar could be preventing the action. She also said that some may been apprehensive due to a misplaced belief that the bill would grant DHS new authorities.
Still, Nielsen said she was “very hopeful that we get this on the President’s desk” before the end of the year.
“We are the national cybersecurity agency,” Nielsen clarified. “That’s why we need CISA, to make that clear.”