Thirty-three state and 11 county or local election agencies have asked the Department of Homeland Security (DHS) about its cybersecurity services.
With a month “to go before the November 8 election, we encourage other election agencies to do the same,” DHS Secretary Jeh Johnson said on the heels of the Office of Director of National Intelligence (ODNI) Director James Clapper having jointly announced with DHS that Intelligence Community (IC) analysts and investigators are very confident the Russian government directed the recent compromises of emails from US persons and institutions, including US political organizations like the Democratic National Committee, and, perhaps, Democratic Presidential candidate Hillary Clinton’s admittedly unsecured and grossly mismanaged private home server on which she kept a variety of highly classified materials.
“Our services include cyber hygiene scans on Internet-facing systems, as well as risk and vulnerability assessments,” Johnson said, noting, “We can conduct cyber hygiene scans remotely, and provide state and local election officials with a report identifying vulnerabilities and recommendations to improve online voter registration systems, election night reporting systems, and other Internet-connected election systems.”
“Time is a factor,” Johnson emphasized Monday. “There are only 29 days until election day, and it can take up to two weeks from the time we receive authorization to run the scans and identify vulnerabilities. It can then take at least an additional week for state and local election officials to mitigate any vulnerabilities on systems that we may find.”
“Increasingly, the nation’s election infrastructure leverages information technology for efficiency and convenience. And like other systems, reliance on digital technologies introduces new cybersecurity risks. However, the diverse and dispersed nature of our election infrastructure provides inherent resilience and presents real challenges to a coordinated,significant incident having an impact on election results,” DHS National Protection and Programs Directorate Office of Cybersecurity and Communications Assistant Secretary Andy Ozment told a House Committee on Oversight and Government Reform, Subcommittee on Information Technology last month.
Ozment said, ”Our National Cybersecurity and Communications Integration Center (NCCIC) helps stakeholders in federal departments and agencies, state and local governments, and the private sector to manage their cybersecurity risks. Consistent with our long-standing partnerships with state and local governments, we are working with election officials to share information about cybersecurity risks and to provide voluntary resources from the department upon request.”
“Recent news reports have mentioned cyber incidents in several states this year related to election infrastructure, specifically voter registration databases. Our NCCIC has shared actionable information about these incidents through direct outreach to state and local governments and through the Multi-State Information Sharing and Analysis Center (MS-ISAC), to enhance situational awareness and provide election officials with the information needed to protect themselves from similar incidents,” Ozment said. “Importantly, none of the reported incidents contain indications of malicious activity that would impact the ability of voters to cast their ballots.”
Ozment told lawmakers that, “Addressing cybersecurity challenges such as these is not new for our department. At the NCCIC, we have three sets of cybersecurity customers: federal civilian agencies; state local, tribal, and territorial governments; and the private sector. The NCCIC has three lines of business to support these customers: information sharing, bet practices, and incident response. Support to state and local customers, such as election officials, is part of the NCCIC’s daily operations.”
To request cybersecurity assistance, contact the Department of Homeland Security at SLTTCyber@hq.dhs.gov.