The Cybersecurity and Infrastructure Security Agency (CISA) released tools this past week to help protect the upcoming midterm elections against ransomware, phishing and DDoS attacks.
August 14, 2022 •
In a press release dated Aug. 10, 2022, the Cybersecurity and Infrastructure Security Agency (CISA) released “Protecting U.S. Elections: A CISA Cybersecurity Toolkit.”
The toolkit offers free services and tools
The CISA press release provides this background on the toolkit:
- Assess their risk using an Election Security Risk Profile Tool developed by CISA and the U.S. Election Assistance Commission;
- Find tools related to protecting voter information, websites, email systems and networks; and
- Protect assets against phishing, ransomware and distributed denial-of-services (DDoS) attacks.
“I am very proud to announce another valuable resource that can help officials further reduce their cyber risk and improve their security posture,” said CISA Director Jen Easterly. “Each day, state and local election officials confront threats to their infrastructure from foreign interference, nefarious actors, insider threats and others. This is one more resource to help them in their ongoing efforts to ensure American elections remain secure and resilient.”
- Address areas of greatest risk.
- Ensure that technical cybersecurity assessments and services are meeting critical needs.
- Gain a sound analytic foundation for managing election security risk with key partners at the federal, state and local level.
- Voter information: Threat actors may try to compromise or manipulate electronic poll books and voter registration databases in an attempt to cause confusion or delay voting.
- Websites: Threat actors often target state and local websites with DDoS, phishing and ransomware attacks.
- Email systems: Threat actors use phishing as the preferred vector with which to target state and local email systems.
- Networks: Threat actors commonly use vectors, such as phishing or malware, to infiltrate state and local networks that election offices rely on for regular business functions
You can learn more about the CISA Cyber Defense Collaborative here.
COVERAGE OF THE NEW TOOLKIT
“Election officials are directed to use the tools and services that correspond to the election infrastructure that needs to be secured. The toolkit lists various commercial solutions, which are categorized as being ‘basic’ or ‘advanced.’ It also offers links to CISA’s own services and training resources for election officials.
MS-ISAC AND EI-ISAC MEETING
“This important summit gathered 900 SLTT and election officials who work in the areas of cybersecurity, information technology and related departments. Join us as we share ideas about how to improve the cybersecurity posture of U.S. state, local, tribal and territorial (SLTT) governments, as well as our critical election infrastructure.”
The agenda listed at the website described sessions such as “Perils to the Popular Vote: Assessing the Current Threat Environment of the 2022 Election Cycle and How to Protect Election Integrity.” There was also a session entitled “Anatomy of a Breach,” described this way: “Data breaches have become commonplace. But, what do you do when it happens to you or a trusted partner? Panelists will discuss how election officials and cybersecurity professionals must work together to respond quickly and minimize exposure of critical infrastructure data. Learn how the EI-ISAC can also play a role in gathering intelligence and assessing the damage.
- Tim Davis – Elections Operations Analyst, EI-ISAC
- Noah Beadle – Elections Operations Analyst, EI-ISAC
- Brian Leach – Chief Information Officer, South Carolina State Election Commission
- Chris Whitmire – Deputy Executive Director, South Carolina State Election Commission”
There have been numerous blogs and articles in Government Technology covering this important election security topic. Here are two of the pieces I have previously assembled:
Also, these are a few blogs regarding the MS-ISAC:
Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.
*** This is a Security Bloggers Network syndicated blog from Lohrmann on Cybersecurity authored by Lohrmann on Cybersecurity. Read the original post at: https://www.govtech.com/blogs/lohrmann-on-cybersecurity/cisa-releases-free-cybersecurity-toolkit-to-protect-elections