Americas, Content, Vertical markets

US Election Cybersecurity: CISA Virtual War Room Counters Attacks, Report Says


The Department of Homeland Security’s (DHS) cyber wing has lined up an election day virtual war room to alert state and local voting officials of cyber intrusion attempts by foreign adversaries, the Washington Post reported.

On election day, should suspicious cyber activity raise the Cybersecurity Infrastructure and Security Agency’s (CISA) collective eyebrows, it will alert local employees positioned at the agency's 10 regional offices, who could be dispatched to polling places or election headquarters to investigate, the report said. China, Iran and Russia are widely expected to launch forays on or immediately preceding election day, ratcheting up untold attempts buoyed by successes in the 2016 Presidential quagmire. A recent study showed a majority of states are insufficiently prepared to repel cyber attacks.

But security defenders and the federal, state and local level believe that this time around they’re better armed, prepared and coordinated on all levels, hence the ambitious, virtual war room setup. At CISA headquarters, DHS officials, intelligence personnel, representatives from both political parties, social media companies and voting machine vendors will be on call to help CISA determine its response to any cyber threats, the report said. Election officials nationwide will be able to share intelligence on potential cyber activity and collaborate with CISA to craft a suitable intervention. In addition, CISA will be able to convey classified information from U.S. intelligence agencies to help states enact mitigation tactics.

“I anticipate possibly thousands of local election officials coming in to share information in real time, to coordinate, to track down what’s real and what’s not, separate fact from fiction on the ground,” Matt Masterson, CISA’s senior cybersecurity adviser, told the Washington Post. “We’ll be able to sort through what’s happening and identify: Is this a typical election event or is this something larger?”

The initiative will run around the clock for as long as it takes until winners at all levels of government are confirmed, perhaps running until December when the results are formally certified, Masterson said. “We’ll remain stood up until the community tells us, ‘Okay, we’re good, you can stand down,’” he reportedly said.

In a move to keep Americans informed of cyber threats to the election, CISA has taken the unusual route to offer press conferences throughout the voting period to allay the public’s concerns over the sanctity of the election and to explain typical voting day events, such as machine snafus and inaccessible websites, the media outlet reported.

CISA reportedly conducted a similar operation during the presidential primaries this year and in the 2018 midterm elections. The effort has been credited with blunting a significant number of cyber attacks aimed at both elections.

To some degree, CISA is still in its formative years. For example, last February, the Government Accountability Office (GAO) strongly urged the agency to finalize and publish its plans to secure the 2020 U.S. elections from cyber attacks. Without a comprehensive security blueprint, CISA risks being unable to execute a nationwide strategy to secure election infrastructure, the GAO said. It’s unclear if the virtual war room is part of CISA’s master plan or an ad hoc effort. Still, there’s no doubt CISA’s and U.S. intelligence’s plate has been full since 2016 trying to ferret out campaigns by foreign hackers to gatecrash U.S. elections. Only two weeks ago, U.S. Director of National Intelligence John Ratcliffe warned that Iran and Russia have both tried to undermine Americans’ confidence in the integrity of the vote and spread disinformation to mislead the electorate.

Private industry has also contributed in the fight to repel foreign-backed hackers. In mid-October, Microsoft, aided by a group of security companies and a tandem effort by the U.S. Cyber Command, dealt the massive, Russian-linked Trickbot operation a serious blow, slowing the ransomware distributor’s malware campaigns to assail voter registration, voting and counting ballots and other critical systems.

And, in September, Microsoft outed three prolific hacking crews from China, Iran and Russia for allegedly executing hundreds of cyber assaults on organizations and staffers associated with the election campaigns of President Trump and candidate Joe Biden. In June, Google’s threat analysis group discovered Chinese and Iranian hackers attempting to bore in on the presidential campaigns of Joseph Biden and President Trump, using email phishing to potentially get a foot in the door.

Of note, the House Appropriations Committee in July approved a $56 billion fiscal year 2021 spending package for DHS that includes $2.25 billion for CISA. The appropriation amounts to a $240 million bump above fiscal 2020 spending levels.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.