The Cybersecurity and Infrastructure Security Agency is prepping state and local governments for the final rounds in the fight to secure their election critical infrastructure, according to the agency's top risk manager.
CISA, a component of the Department of Homeland Security, has been working since the 2016 election to get network scanning, information sharing and other cybersecurity services out to state and local governments so they can secure the 2020 election infrastructure.
So far, CISA isn't seeing any sustained campaigns against election infrastructure that would likely affect the integrity of election results, said Robert Kolasky, director of CISA's National Risk Management Center, in remarks at an Oct. 13 cyber resilience summit. "But we've seen enough things that could go in that direction that we need to be hypervigilant," he said.
Along with threats from Russia, China and other adversaries, Kolasky said CISA is also keeping its eye on cybercriminals, particularly the threat ransomware poses to state and local systems. That threat was underlined on Oct. 12, when Microsoft announced it had disrupted the operations of one of the biggest botnets responsible for ransomware-as-a-service on the dark web.
The Trickbot botnet, which the company said has infected over a million computers worldwide, posed a danger to election infrastructure. That botnet, it said, could "infect a computer system used to maintain voter rolls or report on election-night results, seizing those systems at a prescribed hour optimized to sow chaos and distrust."
CISA continues to regularly consult with federal intelligence agencies and host weekly calls, both unclassified and classified, with state and local election officials on threat intelligence, as well as share threat data.
The agency is also conducting a pilot project of an open-source tool called Crossfeed that passively monitors public-facing state election infrastructure for vulnerabilities. It uses APIs and web scraping to monitor an organization's public-facing attack surface in order to discover assets and flag potential security flaws, according to its repo on GitHub.
This article was first posted to FCW, a sibling site to GCN.