U.S. Election 2020 and Cybersecurity: The Strategy
The Cybersecurity and Infrastructure Security Agency (CISA), which operates under the Department of Homeland Security, sees itself as the nation’s “risk advisor.” One of its highest priorities is securing election infrastructure, for obvious reasons considering Russia’s meddling in the 2016 presidential campaign.
CISA’s new #Protect 2020 outreach program is aimed squarely at engaging local election officials in more than 8,000 jurisdictions throughout the country to help lock down election security. The goal is to identify potential security vulnerabilities to the election infrastructure before any flaws are exploited by adversaries foreign or domestic to interrupt the 2020 vote.
“Threats to election systems are constantly evolving, so defending these systems requires constant vigilance, innovation, and adaptation,” CISA officials said of #Protect 2020. “State and local election officials nationwide are responsible for the operation and administration of elections.”
Preparing for the 2020 elections through engaging political campaigns, political parties, and political committees at the national level is also part of the initiative. The security agency has defined five priorities to defend the country’s 2020 election infrastructure in a coordinated effort with the Election Infrastructure Government Coordinating Council:
- Increase engagement and support to local level elections officials.
- Increase awareness of risks associated with inconsistent and insufficient resources.
- Mature risk initiatives through Sector Specific Agency Councils.
- Apply lessons-learned from 2018 to review and refine the communications mechanisms and content supporting the subsector.
- Drive improved security practices in future election infrastructure.
In addition, CISA has outlined its goals for the 2020 elections:
- Achieving 100 percent auditability by 2020 so that all votes cast in 2020 and subsequent elections have a corresponding auditable record.
- Improving the efficiency and effectiveness of audits.
- Incentivizing the patching of election systems.
- Working with states to develop current and target cybersecurity profiles by utilizing the National Institute of Standards and Technology framework.
- Increasing election officials’ awareness and participation in Domain-based Message Authentication, Reporting, and Conformance (DMARC), Hyper Text Transfer Protocol Secure (HTTPS), CISA’s free election services, Election Infrastructure Information Sharing and Analysis Center membership, and Albert sensor deployment.
- Increased adoption of cyber best practices by state, local, tribal and territorial governments.
“Ensuring that the United States’ electoral process is secure and resilient is one of CISA’s top priorities,” the agency said. “Through #Protect2020, CISA will partner with election community stakeholders to ensure the continued vitality of the fair and free elections that characterize American democracy.”