CISA ‘hypervigilant’ on election cybersecurity
- By Mark Rockwell
- Oct 14, 2020
The Cybersecurity and Infrastructure Security Agency is prepping state and local governments for the final rounds in their fight to secure election critical infrastructure, according to the agency's top risk manager.
CISA, a component of the Department of Homeland Security, has been working since the 2016 election to get network scanning, information sharing and other cybersecurity services out to state and local governments so they can secure the 2020 election infrastructure.
So far, CISA isn't seeing any sustained campaigns against election infrastructure that would likely affect the integrity of election results, said Robert Kolasky, director of CISA's National Risk Management Center, in remarks at an Oct. 13 cyber resilience summit. "But we've seen enough things that could go in that direction that we need to be hypervigilant," he said.
Along with threats from Russia, China and other adversaries, Kolasky said CISA is also keeping its eye on cybercriminals, particularly the threat ransomware poses to state and local systems. That threat was underlined on Oct. 12, when Microsoft announced it had disrupted the operations of one of the biggest botnets responsible for ransomware-as-a-service on the dark web.
The Trickbot botnet, which the company said has infected over a million computers worldwide, posed a danger to election infrastructure. That botnet, it said, could "infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust."
CISA continues to regularly consult with federal intelligence agencies and host weekly calls, both unclassified and classified, with state and local election officials on threat intelligence, as well as share threat data.
The agency is also conducting a pilot project of an open-source tool called Crossfeed that passively monitors public-facing state election infrastructure for vulnerabilities. It uses APIs and web scraping to monitor an organization's public-facing attack surface in order to discover assets and flag potential security flaws, according to its repo on GitHub.
This article was first posted to FCW, a sibling site to GCN.
Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.
Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.
Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.
Follow him on Twitter at @MRockwell4.