CISA confident on election cybersecurity
- By Mark Rockwell
- Oct 13, 2020
The Cybersecurity and Infrastructure Security Agency's efforts to help state and local governments secure their election critical infrastructure are in an intense home stretch for 2020, according to the agency's top risk manager.
The next three weeks, said Robert Kolasky, director of CISA's National Risk Management Center in remarks at an Oct. 13 cyber resilience summit, will highlight the solid collaboration between CISA, state and local governments on protecting election critical infrastructure.
"It's game day, or almost game day, and we're ready to go," he said.
CISA, a component of the Department of Homeland Security, has been working since the 2016 election on developing relationships with state and local governments, as well as secretaries of state to get scanning, information sharing and other cybersecurity services out to them so they can secure the 2020 election infrastructure, he said.
CISA isn't seeing any sustained campaigns against election infrastructure that would likely affect the integrity of election results.
"But we've seen enough things that could go in that direction that we need to be hypervigilant," he said.
Along with threats from Russia, China and other adversaries, Kolasky said cybercriminals are also part of the picture that CISA is monitoring. In particular, Kolasky pointed to ransomware as a threat to state and local systems.
That threat was underlined on Oct. 12, when Microsoft announced it had disrupted the operations of one of the biggest botnets responsible for ransomware-as-a-service on the darkweb.
The Trickbot botnet, which the company said has infected over a million computers worldwide, posed a danger to election infrastructure. That botnet, it said, could "infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust."
CISA continues to regularly consult with federal intelligence agencies, host weekly calls, both unclassified and classified, with state and local election officials on threat intelligence, as well as share threat data.
The agency is also conducting a pilot project of a tool called Crossfeed that passively monitors public-facing state election infrastructure for vulnerabilities. Crossfeed, an open-source tool, uses APIs and web scraping to gather information on potential risks and vulnerabilities.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Click here for previous articles by Rockwell.
Contact him at [email protected] or follow him on Twitter at @MRockwell4.