The November election has prompted more states than usual to reach out the Department of Homeland Security (DHS) for cybersecurity services pertaining to voting systems.
About 10 states have reached out to DHS’s Office of Cybersecurity and Communications (CS&C) to ask questions and provide feedback on its cybersecurity services, according to Neil Jenkins, director of the Enterprise Performance Management Office (EMPO) at DHS. He said there has been an uptick in outreach because of the impending election.
Among other services, CS&C offers state and local voting authorities Cyber Hygiene (CH) checks, which scan for configuration errors and vulnerabilities. Agencies that use this free service receive a report on their CH every two weeks. CS&C also provides Risk and Vulnerability Assessments (RVA), which involve DHS teams coming into a state or local election office and showing how their system can be exploited. Geoff Hale, Cybersecurity Strategist for EMPO, cautioned that RVAs are offered on a first-come, first-served basis. “We want you to know about the local resources available to you and the incident responders that can help you in the event of a catastrophe,” Hale said.
Hale, who spoke at the National Institute of Standards and Technology’s (NIST) Technical Guidelines Development Committee Meeting Sept. 16, said that all states are already registered to participate in the Multi-State Information Sharing and Analysis Center (MS-ISAC). Using this center, representatives from state and local governments can connect and disseminate information with one another.
Although DHS announced that election systems will not be designated as national critical infrastructure, Hale said that these cybersecurity voting services will remain available to citizens no matter what.
“I don’t think that issue affects the services we provide,” Hale said. “The secretary has had discussions and will continue to get the perspective of election officials, but this will not be taking place anytime soon and it may not be taking place at all.”