DHS offers resources to protect election systems

Dear Executive Director Chase:

It was a pleasure to speak with the National Association of Counties (NACo) members earlier today.  I know from our discussion that the cybersecurity of our elections systems is something that we all take very seriously. As we discussed, we live in a world where we must protect our nation’s information technology against increasingly sophisticated and creative cyber attacks from a range of bad actors that include criminals, nation-state actors and others. As it has now been widely reported in the press, the prospect of cyber attacks on our nation’s election systems must be taken seriously, and we must do our best to stay one step ahead of potential bad actors. As discussed on our call, I am writing to describe the services that the Department of Homeland Secretary (DHS) is offering to assist with protecting your members’ election systems and reducing vulnerabilities.

DHS is here to support election officials in protecting against a cyber attack on their election systems. We recognize that State and local election officials administer and oversee the election process. The Federal government, to include DHS, the U.S. Election Assistance Commission, the Department of Commerce’s National Institute of Standards and Technology, and the Department of Justice, has no intention of overseeing or regulating your election process. Our role is limited and is to support you. We are offering counties several voluntary no-cost services and products that can be leveraged before the election, described below.

Cyber Hygiene scans of election systems, which are voluntary assessments of internet-accessible systems for known vulnerabilities and configuration errors. If county governments request this service, we will provide a report to them, which includes remediation and mitigation recommendations to address identified vulnerabilities that can be used to improve their cybersecurity posture. Several States and counties are currently employing DHS Cyber Hygiene scans on parts of their networks, and I want to remind your NACo membership that this service is available to them and can be applicable for internet-facing election systems, such as online voter registration databases. If interested, we can start the Cyber Hygiene scanning within a week of receiving the necessary information from counties.

Direct points of contact for field-based Cyber Security Advisors and Protective Security Advisors who can provide actionable information and connect county governments to a range of tools and resources available to improve the cybersecurity preparedness of election systems and the physical site security of voting machine storage and polling places. These advisors are also available to assist with planning and incident management assistance for both cyber and physical incidents. See www.naco.org/DHSadvisors.

Physical and protective security tools, training and resources that can help prepare election polling sites. The Department encourages you to connect, plan, train, and report through guidance which can be found at DHS.gov/hometown-security. Applying these practices intends to assist stakeholders train administrative and volunteer staff on identifying and reporting suspicious activities, active shooter scenarios, and what to do if they suspect an improvised explosive device. These resources ensure a foundation of security basics, emergency response, continuity plans, and increased awareness of potential threats. Contact the local DHS Protective Security Advisor for access to DHS resources a NICC@hq.dhs.gov.

Cybersecurity alerts and bulletins through DHS’s National Cybersecurity and Communications Integration Center (NCCIC) and the Multi-State Information Sharing and Analysis Center (MS­ ISAC). I recommend that interested parties sign up for cybersecurity alerts from the NCCIC, the Federal government’s primary hub for cybersecurity information sharing, and the MS-ISAC, the DRS-funded focal point for cyber threat prevention, protection, response and recovery for the State, local, tribal and territorial governments. NACo members can then leverage this information to improve the cybersecurity of your election systems. See www.naco.org/sample-alert)

For more information on, or to request any of these services, please contact SLTTcyber@hq.dhs.gov, information is also available online at US-CERT.gov/ccubedvp/sltt.

I want to thank NACo and its membership for your continued leadership in the safeguarding of elections and assure you all that the Department of Homeland Security will do all it can to help in this mission.

Sincerely,

Suzanne Spaulding
Under Secretary, National Protection and Programs Directorate
U .S. Department of Homeland Security