I also want to thank @CISAgov's federal partners at @FBI@NSAGov@US_CYBERCOM@ODNIgov@EACgov for all the hard work, preparation, planning, and support over the last 3.5 yrs. An honor to be a part of this team defending democracy.
A few quick security takeaways based on early voting: (1) there's confidence in the security of the vote, & (2) we've had more opportunity to spot problems & fix them early on. Thx to @CISecurity for hosting the Election Infrastructure ISAC
Election systems are more secure than ever, & more resilient, too! ~95% of votes will have a paper record, which allows for post-elex audits. But that doesn't mean there won't be problems - be careful not to jump to "it's the cyber!!!" Systems sometimes break. #KeepCalmandVoteOn
Regarding threats, we've seen efforts by foreign actors to undercut confidence in the vote - but we were ready and responded quickly E.g., w/n 27 hrs of reports of emails and a video designed to intimidate voters, we briefed elect officials & publicly pegged the effort on Iran.
We also saw Iran targeting state systems to get voter data. Though they were able to obtain data, they had no ability to alter voter data. We've worked with the state and have shared more defensive info with other states.
Then there's Russia - they sought access to a broad range of State, local, federal and private sector systems, with limited success. In one county they obtained voter related data, but again, weren't able to alter data.
Russia has also continued their disinfo/influence operations exploiting racial divides, gender issues, and stoking social unrest. These efforts are designed to undermine confidence in democracy - spot and stop disinfo campaigns! cisa.gov/sites/default/…
We're not out of the woods yet, and we might see more stuff tmrw and beyond - attacks designed to create confusion and mislead voters, or even slow down voting. Website outages/defacements, efforts to disrupt election night reporting, or even lock up ePollbooks.
Keep in mind those systems aren't connected to vote casting or vote counting! And there are resilience measures in place, including good old paper backups! It's like the Mitch Hedberg (RIP) joke...
"An escalator can never break: it can only become stairs. You should never see an Escalator Temporarily Out Of Order sign, just Escalator Temporarily Stairs. Sorry for the convenience"
If you experience any issues stay calm & ask for a help!
You can get a provisional ballot!
On the disinformation front, we've also made progress on countering disinfo. The best part? The American people are more resistant to all the garbage today than four years ago. Keep it up, patience is key, and don't amplify sensational and unverified claims.
Don't forget to check out CISA.gov/rumorcontrol for facts on elections and election security. We're constantly updating the content, so check back for more! Thanks to everyone that's amplifying!
So to wrap this one up, Americans voters are going to decide this election, of that I'm sure. I'm also sure that no matter the outcome, there's a common bond we all share that's more powerful than political allegiances - we're all Americans. Don't ever forget that. #Protect2020
• • •
Missing some Tweet in this thread? You can try to
force a refresh
Yesterday, I issued an emergency directive to US civilian agencies requiring immediate actions to protect Federal information systems from ongoing DNS hijacking and tampering activities. This activity was first raised to CISA by partners in the internet security community. 1/7
We are aware of a number of agencies affected by the tampering activities and have notified them. In part, by issuing the directive, CISA seeks to work with agencies to detect and prevent additional impacts on agencies and systems. 2/7
The directive lays out a set of risk-informed, straightforward, and high impact/low burden actions that agencies must take to harden systems and improve awareness and trustworthiness of key security processes. 3/7