About a month ahead of the midterm elections, the Washington Post’s cybersecurity reporter Derek Hawkins interviewed Kirstjen Nielsen, United States Secretary of Homeland Security, about the current state of the nation’s election security. The interview took place during the Washington Post’s Cybersecurity Summit | 2018.
When asked how the security of state election systems has improved since 2016, Nielsen sounded confident that significant improvements had been made. “We have made tremendous strides. I think everybody that is part of the ecosystem can take quite a bit of pride in that. DHS is now working with all 50 states,” she said.
For indicators of success, Nielsen pointed to the additional cybersecurity governance capabilities in place that focus on critical infrastructure security including the Sector Coordinating Council, the Government Coordinating Council and the EI-Information Sharing and Analysis Center (ISAC). Nielsen also cited a network of intrusion sensors that blanket the polls of about 90 percent of voters, incident response teams and making vulnerability assessment services available to districts. “We really and truly are throwing anything and everything we have at the request of state and locals, in support of their efforts,” she said.
When asked if Nielsen believes that DHS is getting the level of participation necessary from state and local governments, because of some reticence from local election officials about the federal government’s role in election security, she responded that the partnerships between DHS and the states continues to grow.
“The ISAC is a perfect example,” she answered. “This is the fastest growing ISAC we’ve ever seen.” Nielsen said that the states are taking this very seriously, all the way down to the county level, and that the new ISAC is proving to be an active way for state and local governments to exchange election related cyber threat information.
According to Nielsen, more than 1,000 governments have signed up so far. However, that’s just 10 percent of the 10,000 local election jurisdictions around the country.
Regarding the states that have yet to opt to be part of the ISAC, Nielsen explained that each state is approaching election security independently and some states have chosen to secure their own operations through their own chief security officer or CIO. Others may have hired managed security services, while others have turned to the National Guard.
Nielsen said the DHS hasn’t identified the same level of election interference this year as compared to 2016. And, if it did happen, the information-sharing in place would go a long way to bolster defense. “Information-sharing is much stronger than it ever has been and we’re working very closely with the intelligence community,” she said.
Nielsen added that the threat and vulnerability intelligence sharing is quicker, faster and more tailored today than two years ago. “For election day, we’re setting up a situational awareness room. A virtual place where everybody can share quite quickly. We are actually pre-deploying some incident response teams so that should there be any concern, we’ll be there to support our partners if they need it,” she said.
While it’s good news that there is less election interference being identified this year, it’s better news that there is more centralized information-sharing and incident response. It’ll be even better news should the nation get through this election without a hitch and become even more prepared for the presidential election in 2020.