Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security, provided an update to Congress today about how CISA is working to secure election infrastructure ahead of the 2020 Presidential election.
In a hearing before the House Appropriations Committee’s Subcommittee on Homeland Security, Krebs testified on a wide variety of cybersecurity issues, but most interesting was CISA’s work with both Federal, state, local, and tribal entities to secure election infrastructure, including information and communications technology; capabilities, physical assets, and technologies that enable the registration and validation of voters; the casting, transmission, tabulation, and reporting of votes; and the certification, auditing, and verification of elections.
“One of the highest-profile threats we face today is attempts by nation-state actors to maliciously interfere in our democratic elections,” Krebs testified.
While there are still ongoing investigations regarding foreign involvement in the 2016 election, Krebs claimed that DHS and CISA’s work during the 2018 midterm election was a success in thwarting foreign interference.
“Leading up to the 2018 midterms, DHS worked hand-in-hand with Federal partners, state and local election officials, and private sector vendors to provide them with information and capabilities to enable them to better defend their infrastructure,” he said.
According to Krebs, CISA’s approach to election security relies heavily on coordination between all levels of government, improved information sharing, and coordination across agencies and governments. He also discussed how DHS and the Election Assistance Counsel launched a Sector Coordinating Council, which is an industry-led, self-governed counsel that serves as the election technology industry’s primary organization for coordinating with the Federal government.
Krebs said that in totality, these efforts have “enhanced DHS’s ability to identify, assess, and manage risks to election infrastructure in concert with state and local government partners and the private sector organizations that support elections.”
He noted that CISA provides a range of services to state, local, and tribal governments, including:
- A cyber hygiene service for Internet-facing systems;
- Risk and vulnerability assessments;
- Incident response assistance;
- Information sharing;
- Classified information sharing;
- Field-based cybersecurity advisors and protective security advisors; and
- Physical and protective security tools, training, and resources.
Looking ahead, Krebs said that “CISA will continue to work to provide value-added — yet voluntary — services to support their efforts to secure elections in the 2020 election cycle.” He added that the agency will continue to “work with election officials to share information about cybersecurity risks, and to provide voluntary resources and technical assistance.”
“Ensuring the security of our electoral process remains a vital national interest and one of our highest priorities at DHS,” he said. “DHS goals for the 2020 election cycle include improving the efficiency and effectiveness of election audits, continued incentivizing the patching of election systems, and working with states to develop cybersecurity profiles utilizing the NIST [National Institute of Standards and Technology] framework.”
He also said DHS would help whatever political entities requested its assistance, noting that DHS offers the same tools and resources offered to state and local election officials.
“DHS has made tremendous strides and remains committed to working collaboratively with those on the front lines of administering our elections to secure election infrastructure from risks,” Krebs concluded. “We will remain transparent and agile in combating and securing our physical and cyberinfrastructure. However, we recognize that there is a significant technology deficit across SLTT [state, local, tribal, and territorial] governments, and state and local election systems, in particular.”
He said that improving that technology deficit won’t be cheap, rather it will take “significant and continual” investment to ensure all election systems are “upgraded and secure.” He said that these efforts “require a whole of government approach,” which he claimed the White House was committed to.