Three federal cybersecurity officials told a roomful of county IT personnel Thursday that many of the threats to election security that manifested last year are likely to repeat themselves in future cycles.
During a panel at the National Association of Counties’ annual conference at a hotel outside Washington, the officials — representing the Department of Homeland Security, the National Security Agency and the FBI — reviewed findings released earlier this year by the intelligence community and federal law enforcement that showed that foreign governments attempted to wage online influence campaigns against voters, election officials and campaigns in 2020.
While none of those efforts compromised the integrity of the election and the tabulation of ballots, they did run the risk of undermining both public trust in the voting process and the personal safety of election officials, said Geoff Hale, who runs the election security initiative at DHS’s Cybersecurity and Infrastructure Security Agency. He recounted an email campaign last October that sent intimidating messages to voters in Florida warning recipients to “Vote for Trump or else!” but that was quickly attributed to the government of Iran.
“Iranian actors doxed a lot of election officials and targeted individuals as public servants to make them feel unsafe,” Hale said. “They need to rebuild trust as unbiased nonpartisan arbiters of process upholding our democracy.”
David Imbordino, the NSA’s election security lead, said his agency still sees those kinds of campaigns as “a pretty big threat” going into 2022 and beyond. Other influence campaigns U.S. officials identified in 2020 were tied to Russia and China.
Cynthia Kaiser, a section chief in the FBI’s cyber division, also told the county representatives that their jurisdictions’ election systems should be protected against the same potential network intrusions IT departments deal with every day. The same measures taken to prevent incidents like ransomware, she said, are useful in defending elections.
“Expect in 2022, 2024, your networks are going to be attacked again and again and again, and it’s important to expect those so we can put the proper security in place,” she said. “Ransomware or any other actors are going to get on your network the same way. Scan to see if you haven’t patched a vulnerability or spearphish to get someone to click on a malicious link.”
But that level of coordination is still a work in progress in many counties, Hale said. He urged the IT officials in the room to engage their counties’ election officials and bring them into processes like incident-response planning. And Hale, Kaiser and Imbordino all stressed the benefit of joining organizations like the Multi-State Information Sharing and Analysis Center and its Elections Infrastructure ISAC sibling.
“When Dave’s organization thinks there’s something worth knowing, I have to use existing channels,” Hale said.
Hale also encouraged counties, if they haven’t already done so, to move their online footprints to the federally administered dot-gov top-level domain, which CISA recently began managing.
The panel’s moderator, Ricky Hatch, the clerk and auditor in Weber County, Utah, said his county recently made the transition over a two-week period and that it was less arduous than expected, especially since CISA waived the $400 registration fees the federal government once charged. Hale said greater dot-gov use can also help restore public confidence.
“A lot of this is about trust,” Hale said. “People you interact with know you’re a trusted source if you have a dot-gov.”