Increasing Cybersecurity Awareness
Though numerous security threats exist, awareness of these challenges has also skyrocketed since 2016, led in part by efforts from the Department of Homeland Security (DHS) and its Cybersecurity and Infrastructure Security Agency (CISA) as part of ongoing efforts to secure critical infrastructure.
“When it comes to the defender side of things, I think there is certainly more awareness around this in general, certainly at a federal level, and I think there is more willingness and awareness to address this at the state and local level, which in our democratic process is where the rubber meets the road,” McNamara said. “These are the entities in charge of putting these elections on and making sure they run their course and they’re resourced.”
McNamara said that one challenge at the state and local level is the high turnover rate of election administrators, staff and personnel. In the midst of this shuffle, security needs to continuously be prioritized, he said. However, while smaller or more rural counties are not as well resourced, CISA has made several efforts to make free tools and training available across the board. In August, CISA and the Joint Cyber Defense Collaborative (JCDC) worked with the open-source community and private and public sector organizations, for instance, to develop a catalog of free services and tools for state and local election officials. One of these services includes free training from CISA to bolster the security of election infrastructure. The Help America Vote Act (HAVA), which was signed into law in 2002, also includes funds for improving technology used in election systems and bolstering election security.
“From an election security tabulating votes perspective, the organizations and the secretaries of states and the various districts are continuing to make improvements in that space,” said Biasini. “There is continuing to be significant federal funding available for those groups to be able to improve, and there’s also a lot of information sharing from organizations like DHS and other groups that are really helping to bring along the security of the votes.”
Jonathan Reiber, vice president of Cybersecurity Strategy and Policy at AttackIQ, said that both campaign organizations and election administrators should go through at least one exercise before the midterms focused on handling disinformation and the potential for cybersecurity incidents on their infrastructure. It’s also critical for organizations to look at known tactics used by adversaries and prepare for defending against these measures, he noted.
“I think the message that I would relay to the public is, defend your most high value data,” he said. “If you’re a state, make sure that the most important data that you have for the election is as secure as possible. If you’re a campaign, make sure that your campaign surrogates’ data is as secure as possible.”