Cybersecurity

Despite hype, level of election cyberthreats is uncertain

As candidates, pollsters and political pundits wait for election results to roll in, federal officials are quietly holding their breath to see what, if any, cybersecurity surprises are in store.

State and local elections officials have been scrambling in recent months, with help from the Department of Homeland Security, to patch vulnerabilities and plug holes in the country's election system. But as FCW has reported, there is only so much that can be done, and vulnerabilities exist on a number of levels.

Top officials have sought to calm concerns by pointing out that the distributed, dispersed nature of voting systems renders them less vulnerable to large-scale attacks or manipulation.

The questions now are: Was enough work done to secure the most vulnerable parts of the election chain? Was it the right work? Will any of the potential election hacks take place? And what, if anything, can DHS, the FBI and others do on Election Day?

Federal cybersecurity officials' level of involvement in state-level election preparation is unprecedented, said Ann Barron-DiCamillo, former director of the U.S. Computer Emergency Readiness Team at DHS. "But we've also had an unprecedented amount of activity and chatter that has...made that a prerequisite in this election."

Barron-DiCamillo told FCW that there isn't much DHS can do on Election Day, either legally or technically, to respond to cybersecurity incidents because voting is handled by state and local authorities.

"I think the biggest thing [DHS] can do is really be that central repository or central location for communication so if something is trending or starting to occur in one part of the country, they can get that shared really quickly," she said. "One person's detection is another person's prevention."

In addition to sharing information with state and local officials, she said DHS will need to communicate and coordinate with the private sector, especially the large internet service providers.

The recent Mirai botnet attack that hijacked internet-of-things devices could have been a drill for a larger attack on Election Day, Barron-DiCamillo said, and that would require mitigation coordination between DHS and the ISPs.

She also said DHS and other federal agencies would likely have pre-positioned "tactical teams" and specialists in areas where there have been significant threats or concerns of possible malicious activity.

DHS did not respond on an official level to multiple requests for comment about its Election Day posture and procedures, though one employee told FCW there were no signs at the operational level of a large-scale mobilization to respond to Election Day cybersecurity incidents.

FBI officials told FCW in an email message that they have been "working with our state and local partners and providing them with threat indicators that we've observed during the course of our investigations" to help them guard against Election Day attacks. The FBI also has election crimes coordinators standing by at all 56 field offices nationwide.

The National Governors Association issued a statement on Nov. 4 expressing its confidence in the electoral system. "NGA works daily with state officials, election administrators and cybersecurity experts who, for many years, have worked diligently to secure our election systems against disruption or compromise," the statement reads.

But given the extensive hacking of the Democratic National Committee and the probing of state election databases, federal cybersecurity officials will likely be as anxious as the candidates when the polls open.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.


Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.