Cybersecurity

3 ways DHS is helping states with election security

Bing Wen/Shutterstock.com 

A hacked voting machine on display at the DefCon conference in Las Vegas, July 2017. (Photo credit Bing Wen/Shutterstock.com)

A Department of Homeland Security official said the federal government is substantially more prepared to deal with a nation-state attack on election systems today than it was in the lead-up to the 2016 election.

In a Jan. 10 speech to the Election Assistance Commission in Washington D.C., Bob Kolasky, acting deputy under secretary for the National Protection and Programs Directorate, said the department has worked to expand its communication and outreach to state and local governments, which are primarily responsible for administering elections.

"The Department of Homeland Security is in a much better position to work with our interagency partners and the election community to respond to any lingering threats that emerge going forward," he said.

Kolasky said DHS has focused on improving election security assistance to states and localities in three key areas: establishing sound working partnerships with state and local governments, boosting information sharing through a mix of declassification and increased security clearances and dedicating more departmental resources to critical federal election security resources that states rely on.

He likened 2016 efforts to coordinate with states on malicious cyber activity to building relationships "in the middle of a hurricane" as officials attempted to communicate with intelligence agencies, process classified information, establish relationships with states and provide them tools or expertise all at the same time.

Since then, the department has worked to establish a pair of councils to ensure better coordination between every organization involved in the election system. The first consists of federal, state and local government election officials. The second council, still pending, will be designed to engage the private sector, namely voting machine manufacturers and software providers.

"A lot of state and local officials buy from the same groups of people," Kolasky said. "We want to make sure there is an ability for us collectively to have conversations with vendors about security challenges."

The department is also looking to boost information sharing between the federal government and state and local election offices. DHS came under criticism from some states during the 2016 election for subpar information sharing.

Earlier during the summit, Kim Wyman, secretary of state for Washington, recounted the frustration she felt in 2016 when the department briefed states on an assessment that found Russian hackers had scanned election systems in 21 states, but declined to specify which states had been targeted.

"I mention this not to throw [DHS] under the bus because they're wonderful, it's just they're not used to operating in this world of transparency like we do," said Wyman.

Kolasky didn't mince words when discussing the department's need to improve the threat intelligence it shares with state and local governments. The department said it is working on sponsoring and encouraging election officials in all 50 states to apply for security clearances and will push intelligence agencies to be more aggressive about declassifying information that can be used by state and local election officials.

"We have improved on that, we will improve on that going forward," he said. "We will always prioritize getting security information out to the people who make security decisions."

Finally, Kolasky said DHS has dedicated more departmental resources to programs and tools designed to assist states. He mentioned one of the most popular tools: risk and vulnerability assessments that involve deploying federal cyber experts to work with states, gain familiarity with their systems and make key security recommendations.

The department has experienced a backlog of states requesting the service, so many that it would have prevented DHS from providing assistance to some states until weeks before the mid-term elections. Kolasky said the department has responded to those concerns by undergoing a "significant shift in resources," dedicating more personnel to the program. The department now expects to assist all 14 states with pending requests by April 2018.

"We want the rest of the states to sign up, and if they do, we believe we'll be able to do those on-site assessments before the mid-term elections," he said.

About the Author

Derek B. Johnson is a staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Cyber. Covered.

Government Cyber Insider tracks the technologies, policies, threats and emerging solutions that shape the cybersecurity landscape.

Featured

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group