DHS accelerates security assistance for election systems
- By Sara Friedman
State and local elections officials preparing for the 2018 elections are strapped for time and resources, but the Department of Homeland Security’s National Protection and Programs Directorate is stepping in to help.
Two weeks ago, at the request of the Elections Government Coordinating Council, NPPD released guidance on what states and localities should do with their share of the $382 million from 2018 Help America Vote Act Security Fund, said Matt Masterson, NPPD senior cybersecurity advisor, during a June 12 Senate Judiciary Committee hearing.
NPPD provided insights on where the money should be used to address risks in the election process. “We focused first on common IT vulnerabilities that exist across elections -- things like patching, training for phishing campaigns as well as manpower,” Masterson said.
Long-term suggestions included looking into election systems' overall resilience, ensuring auditability and defensibility through long-term investments and training local officials in cybersecurity.
The NPPD is working directly with state and local officials across the country to help them improve their elections infrastructure. Part of this process involves providing states with free resources such as vulnerability scans and training.
Seventeen states have received the results of such vulnerability scans, Masterson said, and those results showed that the elections sector is no different from others when it comes to cybersecurity.
“With the elections infrastructure, we are seeing the same vulnerabilities across IT systems … maintenance, software updates, updating equipment and hardware and general upgrades that need to take place, as well as configuration management to limit the amount of damage that can be done,” he said.
In addition, the NPPD is providing federal security clearances to three election officials in each state so that DHS can keep states more fully updated on election threats.
The Department of Justice is also working to address interference with elections. Adam Hickey, deputy assistant attorney general in the National Security Division, said a report from the Cyber-Digital Task Force on foreign threats to elections is due to the attorney general in June and will be made public in mid-July.