With elections over, DHS maintains ‘heightened’ posture

With some elections still too close to call, the Department of Homeland Security has not stopped looking for potential interference, according to Bob Kolasky, the acting deputy under secretary for the agency's National Risk Management Center. NRMC be watching these elections closely until they are all finalized, he told FCW.

About 20 House races remain undecided, along with a handful of Senate and governor’s elections, according to a Nov. 7 count by the Associated Press. DHS said it found "nothing significant to report" in terms of interference with the election.

“We’re not going to take a victory lap on election day -- let’s get the process of certification done around that,” Kolasky said. “We’re still in the heightened information sharing posture.”

Once the elections are finalized, the NRMC will continue to work with secretaries of state and others in the election space, especially on information sharing, Kolasky said, but it expects to do fewer risk assessments in 2019 and plans to turn its attention to other infrastructure areas.

The NRMC has been in operation for “about 100 days” -- put in place to protect critical infrastructure against potential nation-state attacks and other threats like large-scale natural disasters, Kolasky said in comments at the Nov. 8 National Institute of Standards and Technology Cybersecurity Risk Management Conference in Baltimore.

Its goal is working with industry, which owns much of the critical infrastructure, to secure these large networks.

“We now live in a time where critical infrastructure in the United States, much of which is run companies that do business globally, could be targets for nation-states that can afford to play the long game, can think in their own strategic interests, can actually get down to looking for things that are vulnerabilities,” he said.

Right now, NRMC is working to identify the “critical functions” are that it should focus on, but it already has some efforts underway. Along with its work around elections, NRMC is focused on pipeline security, and it plans to pursue issues related to supply chain and navigation, such as position, navigation and timing, he said.

Its effort on supply chain -- the ICT Supply Chain Risk Management Task Force -- will officially launch next week, Kolasky said. NRMC is working in collaboration with the IT Sector Coordinating Council and the Communications Sector Coordinating Council on the effort.

Last week, NRMC held a working group meeting with representatives from the electricity, banking and finance and communications sectors to talk about the “critical functions” and interdependencies between the sectors. NRMC plans to hold a broader workshop with the same sectors in December, Kolasky told reporters.

Efforts are still in the analysis stage, he said, which involves determining what is important before digging into how the systems work and any issues that may exist.

“But it's time to get past analysis,” he said, “It’s time to … change the nature of the risk landscape.”