The Cybersecurity and Infrastructure Security Agency (CISA) released its “Protecting U.S. Elections: A CISA Cybersecurity Toolkit” today, a one-stop catalog of free services and tools available for state and local election officials to improve the cybersecurity and resilience of their infrastructure. As the lead federal agency responsible for election security, CISA regularly works with state and local election officials to secure their systems and offers a number of services, information products, and other resources.
This toolkit was developed through CISA’s Joint Cyber Defense Collaborative (JCDC), which worked with private and public sector organizations, including in the election community, and JCDC alliance members – to compile these free resources. The toolkit is organized into broad categories designed to help election officials:
- Assess their risk using an Election Security Risk Profile Tool developed by CISA and the U.S. Election Assistance Commission;
- Find tools related to protecting voter information, websites, email systems, and networks; and
- Protect assets against phishing, ransomware, and distributed denial-of-services (DDoS) attacks.
“I am very proud to announce another valuable resource that can help officials further reduce their cyber risk and improve their security posture,” said CISA Director Jen Easterly. “Each day, state and local election officials confront threats to their infrastructure from foreign interference, nefarious actors, insider threats, and others. This is one more resource to help them in their ongoing efforts to ensure American elections remain secure and resilient.”
The toolkit is the latest resource that CISA and our partners have developed to support the election community. CISA’s website lists a number of resources and guidance on everything from cybersecurity to physical security for polling sites and election officials to combat mis-, dis-, and malinformation. The agency works with election officials in all 50 states, the District of Columbia and the territories to regularly share timely and actionable information and intelligence, and provide cybersecurity services, technical assistance, and guidance.