DHS confident on election cybersecurity

The Cybersecurity and Infrastructure Security Agency's efforts to help state and local governments secure their election critical infrastructure are in an intense home stretch for 2020, according to the agency's top risk manager.

The next three weeks, said Robert Kolasky, director of CISA's National Risk Management Center in remarks at an Oct. 13 cyber resilience summit, will highlight the solid collaboration between CISA, state and local governments on protecting election critical infrastructure.

"It's game day, or almost game day, and we're ready to go," he said.

CISA, a component of the Department of Homeland Security, has been working since the 2016 election on developing relationships with state and local governments, as well as secretaries of state to get scanning, information sharing and other cybersecurity services out to them so they can secure the 2020 election infrastructure, he said.

CISA isn't seeing any sustained campaigns against election infrastructure that would likely affect the integrity of election results.

"But we've seen enough things that could go in that direction that we need to be hypervigilant," he said.

Along with threats from Russia, China and other adversaries, Kolasky said cybercriminals are also part of the picture that CISA is monitoring. In particular, Kolasky pointed to ransomware as a threat to state and local systems.

That threat was underlined on Oct. 12, when Microsoft announced it had disrupted the operations of one of the biggest botnets responsible for ransomware-as-a-service on the darkweb.

The Trickbot botnet, which the company said has infected over a million computers worldwide, posed a danger to election infrastructure. That botnet, it said, could "infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust."

CISA continues to regularly consult with federal intelligence agencies, host weekly calls, both unclassified and classified, with state and local election officials on threat intelligence, as well as share threat data.

The agency is also conducting a pilot project of a tool called Crossfeed that passively monitors public-facing state election infrastructure for vulnerabilities. Crossfeed, an open-source tool, uses APIs and web scraping to gather information on potential risks and vulnerabilities.

This article first appeared on FCW, a Defense Systems partner site.