Statement by Secretary Johnson Concerning the Cybersecurity of the Nation’s Election Systems
Jeh C. Johnson
In recent months we have seen cyber intrusions involving political institutions and personal communications. We have also seen some efforts at cyber intrusions of voter registration data maintained in state election systems. We have confidence in the overall integrity of our electoral systems. It is diverse, subject to local control, and has many checks and balances built in.
Nevertheless, we must face the reality that cyber intrusions and attacks in this country are increasingly sophisticated, from a range of increasingly capable actors that include nation-states, cyber hacktivists, and criminals. In this environment, we must be vigilant.
The Department of Homeland Security stands ready to assist state and local election officials in protecting their systems. In our cybersecurity mission, this is the nature of what we do – offer and provide assistance upon request. We do this for private businesses and other entities across the spectrum of the private and public sectors. This includes the most cybersecurity sophisticated businesses in Corporate America.
It is important to emphasize what DHS assistance does not entail. DHS assistance is strictly voluntary and does not entail regulation, binding directives, and is not offered to supersede state and local control over the process. The DHS role is limited to support only.
DHS offers the following services to state and election officials to assist in their cybersecurity:
- Cyber hygiene scans on Internet-facing systems. These scans are conducted remotely, after which we can provide state and local officials with a report identifying vulnerabilities and mitigation recommendations to improve the cybersecurity of systems connected to the Internet, such as online voter registration systems, election night reporting systems, and other Internet-connected election management systems.
- Risk and vulnerability assessments. These assessments are more thorough and done on-site by DHS cybersecurity experts. They typically require 2-3 weeks and include a wide range of vulnerability testing services, focused on both internal and external systems.
- The National Cybersecurity and Communications Integration Center, or “NCCIC.” The NCCIC is DHS’s 24×7 cyber incident response center. We encourage state and local election officials to report suspected malicious cyber activity to the NCCIC. On request, the NCCIC can provide on-site assistance in identifying and remediating a cyber incident.
- Information sharing. DHS will continue to share relevant information on cyber incidents through multiple means. The NCCIC works with the Multi-State Information Sharing and Analysis Center (MS-ISAC) to provide threat and vulnerability information to state and local officials. All states are members of the MS-ISAC. DHS requests that election officials connect with their state CIO to benefit from this partnership and rapidly receive information they can use to protect their systems. State election officials may also receive incident information directly from the NCCIC.
- Sharing of best practices. DHS intends to publish best practices for securing voter registration databases and addressing potential threats to election systems from ransomware. These best practices documents will be publicly available by September 16, 2016.
- Field-based cybersecurity advisors and protective security advisors. DHS has personnel available in the field to provide actionable information and connect election officials to a range of tools and resources available to improve the cybersecurity preparedness of election systems and the physical site security of voting machine storage and polling places. These advisors are also available to assist with planning and incident management assistance for both cyber and physical incidents.
In recent weeks a number of states have reached out to us with questions or for assistance. We strongly encourage more state and local election officials to do so.