The Department of Homeland Security (DHS) hosted the “Tabletop the Vote 2018: DHS’ National Election Cyber Exercise,” a three-day, first-of-its-kind exercise to assist DHS and our federal partners, state and local election officials, and private vendors in identifying best practices and areas for improvement in cyber incident planning, preparedness, identification, response, and recovery. Through tabletop simulation of a realistic scenario, exercise participants discussed and explored potential impacts to voter confidence, voting operations, and the integrity of elections. Partners for this exercise include: 44 states and the District of Columbia; Election Assistance Commission; Department of Defense; Department of Justice; Federal Bureau of Investigation; Office of the Director of National Intelligence; National Institute of Standards and Technology; National Security Agency; and the U.S. Cyber Command.
The scenario was based on a combination of real world events as well as potential risks facing election infrastructure, including:
- News and social media manipulation related to political candidates and the conduct of elections;
- Spear phishing campaigns targeting elections officials and personnel;
- Disruption of voter registration information systems and processes;
- Denial of service attacks and web defacements impacting board of election websites and web applications;
- Malware infections impacting electronic voting machines and election management system software; and
- The exploitation of state and county board of election networks.
“Today’s exercise brought together our partners from all levels of government and the private sector in order to test our ability to respond to cyber incidents that could potentially affect an election, and build strong communication and incident response plans across the election community,” said DHS Secretary Kirstjen Nielsen. “The response we have received from this week’s participants has been overwhelmingly positive and we’ve identified areas we need to collectively focus on ahead of the midterm elections. In this environment, if we prepare individually, then we fail collectively, and I am grateful for everyone’s participation and partnership this week.”
The exercise provided election officials and other exercise players the opportunity to exercise and evaluate:
- Cyber threat information sharing and how information shared by the federal government and the Election Infrastructure Information Sharing and Analysis Center (EI-ISAC) can be used for network defense purposes;
- Processes for identifying potential cybersecurity threats or incidents;
- Procedures for requesting state and federal incident response resources if county and state resources are exhausted;
- The importance of a cyber incident response plan and how to incorporate the roles and responsibilities of federal, state, and local entities in responding to a cyber incident impacting elections infrastructure;
- Development of public messaging and notifications related to an elections-focused cyber incident; and
- Best practices and resources for managing cyber risk posed to different components of elections infrastructure and how to mitigate the potential consequences of an incident.
Representatives from DHS have been working with state election officials for more than a year to exercise their cyber incident response plans and capabilities related to election infrastructure.