Federal IT Leaders at DHS, NSA Highlight Election Security Efforts – FedTech Magazine

Federal Leaders Lean In on Election Security

Rob Joyce, senior adviser for cybersecurity strategy to the director of the NSA, remains one of the most well-respected voices in federal cybersecurity. He recently retweeted comments from the NSA director, Gen. Paul M. Naksone (another FedTech Influencer), who noted that NSA and U.S. Cyber Command are squarely focused on ensuring “safe, secure and legitimate 2020 elections.”

CISA Director Chris Krebs recently echoed that sentiment by highlighting his agency’s work with the EAC, NSA, FBI, Office of the Director of National Intelligence, National Association of State Election Directors and National Association of Secretaries of State. “#Protect2020 means ensuring American voters decide American elections,” Krebs tweeted.

Krebs’s tweet promoted a statement from William Evanina, director of the National Counterintelligence and Security Center, in which he noted that election security remains a “top priority” for the intelligence community, which is supporting DHS and the FBI.

Evanina’s statement noted that it is imperative to “share insights with the American public about foreign threats to our election and offer steps to citizens across the country to build resilience and help mitigate these threats.”

Meanwhile, Matthew Masterson, CISA’s senior cybersecurity adviser on election security, tweeted a link to a CISA planning guide for election officials. “One of the simplest things an election office can do to #Protect2020 is creating or updating their incident response plans,” he noted.

The guide and associated templates are “voluntary tools to help jurisdictions effectively recognize and respond to potential cyber incidents. Election offices can use this information as a basic cyber incident response plan or integrate it into a broader plan based on their specific needs,” states CISA.

The templates, which can be customized to meet the specific needs of each jurisdiction, include key stakeholders and contact information worksheets for incident notification and response.

They also include incident notification plans, “providing standardized procedures for notifying appropriate stakeholders of a potential cyber incident based on observed symptoms and level of criticality,” according to CISA. The plans offer state and local officials a list of incident indicators or symptoms that “system users can reference to detect potential cyber incidents and initiate” appropriate notification plans for escalation and reporting.

MORE FROM FEDTECH: Find out how DHS is working with state governments on election security. 


Leave a Reply