Watch our live launch event for our Election Cybersecurity Scorecard now on the CSIS website.
Will Carter: we need to establish strong security, not minimum security. We need to invest in upgrading our outdated election systems today, but it is just as important to establish continuous funding streams to keep our election infrastructure safe from new and emerging threats
Bob Kolasky: since 2016, state election officials have embraced the need pay attention to cybersecurity threats, and coordination between state and federal officials is stronger than ever
Bob Kolasky: DHS is focused on achieving three strategic goals for protecting election infrastructure: improving information sharing, raising the standard of cybersecurity protections across the states, and communicating a long term strategy for improving security
John Gilligan: The election infrastructure ISAC now covers all 50 states, with participants in over 1,400 jurisdictions sharing threat information and coordinating their responses.
Suzanne Spaulding: It would be extremely difficult for an adversary to change the outcome of a national election without being detected. However, there is a risk that even unsuccessful attacks could undermine public confidence in election integrity
John Gilligan: in contrast with state and local election infrastructure, political campaigns do not have permanent, established cybersecurity and IT talent working to secure their information systems. This creates vulnerability, and makes coordination more difficult.
Jon Check: free software and tools for election organizations are nice, but they make little difference if the group isn't able to integrate those capabilities and stand up basic cybersecurity protections.
Bob Kolasky: election officials are very active at combating misinformation around the logistics of the midterm elections, such as false messaging about voting times and places, but DHS has not seen signs of directed campaigns of misinformation against specific campaigns
Brian Newby: there is a threat that any kind of unexpected event on election day could be misconstrued as a cyber attack. But election administrators have worked to set up redundancy systems to manage any disruption and communicate information to the public
Bob Kolasky: responsible behavior by election vendors include participation in information sharing, supply chain security management, and tight coordination with customers on pushing security solutions
John Gilligan: new guidelines for voting machines will help improve security, but there is a need for common security standards across the entirety of the election infrastructure ecosystem.
