As the U.S. government takes early steps to roll out a collaborative cybersecurity framework designed to protect election systems, the pressure is now on state election officials and the Department of Homeland Security to hash out the details in less than two years.
Over the weekend, DHS shared how the government plans to implement the designation of election systems as “critical infrastructure,” an important categorization announced during the Obama administration that effectively allocates additional resources and defenses to related systems.
A rough draft of this strategy was described in a meeting with state election officials, the FBI and the Election Assistance Commission over the weekend.
The plan has four objectives: information sharing, collaboration, threat and risk analysis, and ensuring that states have appropriately updated defense systems, according to Politico.
Matthew Masterson, EAC Chair, said that the timeliness of DHS’s plan appeared to be the primary concerns for state election officials who attended the gathering.
“Activity and information needs to be shared continuously moving forward because there’s always another election coming, and election officials are always preparing for the next election,” Masterson said.
Masterson said he has not seen a specific schedule of the plan from DHS, but that the agency has provided the general timeline that the sector should be established by the end of the year. In the meantime, EAC is planning to host another meeting with DHS and state election officials on July 25 to further discuss the plan’s timeline.
Part of the DHS plan includes ongoing threat and risk assessment and ensuring that states have tools to upgrade their cyber defenses. Where the funds will come from to pay for these upgrades is another open-ended question without an immediate answer.
“Generally speaking, there isn’t money that automatically comes with [the] critical infrastructure [designation],” Masterson said. “Certainly that’s the number one question that election officials are asking. But DHS has indicated that there may be additional opportunities for grant funding where critical infrastructure sectors are prioritized for that grant funding.”
EAC has in the past attempted to produce best practices to guide election officials in the establishment of good baseline cyber hygiene, Masterson said. These practices allow localities to better act on any information DHS may provide about impending threats.
“The plan moving forward in establishing the sector is to ensure that election officials receive timely information as far as threats and indicators [go] that is operational information that they can actually take and use to defend against those threats,” Masterson said.
Former DHS Secretary Jeh Johnson designated election systems as “critical infrastructure” in January as the Intelligence Community evaluated Russian influence in the 2016 presidential election.