Bob Kolasky, Director of the National Risk Management Center (NRMC) at the Cybersecurity and Infrastructure Security Agency (CISA), today pronounced state and local election authorities “well positioned” to conduct secure elections next month.
Speaking at the CISQ Cyber Resilience Summit, Kolasky explained the years’ worth of work that CISA has undertaken with state and local parties to help ensure election security. “We set up a pretty damn good information system” to support state and local governments, he said. “It’s getting close to game day, and we are ready to go.”
At the bottom line, Kolasky said CISA’s election assistance efforts are aiming to help manage against “loss of functionality, but more than that is the loss of confidence of the American voter.”
“Did your vote count? Did anything cause you concern that your vote didn’t count … That is what we are trying to manage the risk against,” said Kolasky, whose NRMC focuses heavily on election security and other critical national functions.
Kolasky also urged voters to be patient about the timing of actual election results. “It’s going to be a dynamic process … We are voting during a pandemic,” he said, adding, “the pace at which we know who won elections is going to be different, so we urge voters to be patient.”
Benefits of Information Sharing
The NRMC Director said CISA and state and local election authorities in the current election cycle are reaping the benefits of several years of work on the issue. “We are able to do what we do now because we worked hard since 2017” to make the necessary relationships with state and local election authorities, coordinating councils, and others to put information sharing and analysis structures in place.
“We recognized that the initial key” to the effort was regular sharing of intelligence and other security information, he said, plus a reporting structure centered around the Multi-State Information Sharing and Analysis Center (MS-ISAC) to share election-related information.
The MS-ISAC, Kolasky said, is now the fastest growing ISAC, with about 3,000 members that share threat and technical indicators, and vulnerability reporting.
In addition, he said CISA has been able to provide what he called “Albert sensors” – similar in purpose to the Einstein sensors that the agency uses to protect civilian Federal government networks – to election system operators to provide them with security alerts for network threats and to help them identify malicious activity.
Kolasky said that voting systems serving 99 percent of U.S. voters are covered by the Albert sensors, and that they give operators “much richer technical detail” and make sure that they see anomalous behavior on their networks.
“We have created this incredible information sharing environment for sharing threats to election infrastructure,” Kolasky said, that makes possible “an exponential increase” information sharing with election authorities since 2016.
“We have a good level of confidence in election infrastructure” because of the information sharing capabilities, he said, adding, that CISA remains ready to address security issues “as they happen.”
Hands-On Help, Preparedness
His positive assessment of U.S. voting infrastructure readiness also rests on what he called the other two legs of a strategic triangle – helping election system owners improve their security practices, and creating a greater culture of preparedness.
On the first front, he said CISA helps election authorities with vulnerability scanning, remote penetration testing, and phishing assessments, among other services. “When requested, we are coming in taking a look at state and local systems and practices … and assessing where there are opportunities for improvement,” he said.
The end results of that effort are further deployments of multi-factor authentication technology, better phishing training, more endpoint detection, better practices for transferring data, and finally, more “patching, patching, patching.”
“It’s never going to be perfect,” he said of state and local election authority security, but CISA’s efforts have resulted in “real upgrades” in security practices.
Kolasky said preparedness training has involved planning, a variety of exercise, improving communications, and “then really thinking through what could go wrong.”
He said CISA and election authorities are in a “period of heightened vigilance” with three weeks to go until Election Day. A few days before the election, he said CISA will go to “24/7 coverage, thinking about everything that could go wrong, and anything that needs to be tracked down.”