Augino praised the advocacy of Krebs and the rest of the CISA elections security team, including Matt Masterson, a senior cybersecurity adviser who specializes in election security.
“We saw that pay off with the announcement about the voter intimidation emails prior to the election,” she says. “The team at CISA worked hard to get information to the election community as quickly as possible so we could prepare and defend ourselves and the Nov. 3 election.”
Election officials have spent the past few years exercising and preparing for a wide range of scenarios, Augino says, “which helped, because 2020 threw a lot at us.”
“States have implemented things like two-factor authentication, phishing trainings, risk and vulnerability assessments and other best practices, which have been especially valuable this year as more people have been working remotely as a result of the pandemic,” she notes.
NASS President and New Mexico Secretary of State Maggie Toulouse Oliver also praised the cooperation with CISA. “A great example of Election Day cooperation among DHS and NASS members was the DHS virtual situational awareness room, where hundreds of state and local election officials across the country shared election information with one another in real time,” she says.
There were a few minor technology-related incidents on Election Day that election officials had to contend with. For example, as Oliver notes, “the Texas Secretary of State’s election night reporting site had technical difficulties; however, they were transparent about the issue and worked quickly to remedy the situation with their vendor. The office sent out a tweet notifying about the outage and a tweet saying it was fixed, she says.
In Franklin County, Ohio, an electronic poll book could not be uploaded because the file was too large, so election workers checked voters in via a paper backup. Overall, however, everything ran smoothly from an election security standpoint, and there is “no evidence of any manipulation of voter registration data or other election-related data by malicious cyber actors,” Oliver says.
The EI-ISAC also says that its preparations, built up over the past few elections, paid off, and that the planning and reporting flows it put into place worked as they should have, according to EI-ISAC Director Ben Spear.
“None of that would have been successful without the tools deployed by and the relationships developed with the elections community,” he says. “Tools like Albert network monitoring, Malicious Domain Blocking and Reporting (MDBR), and Endpoint Detection and Response (EDR) provided us additional feeds of information to identify potential threats and correlate them across jurisdictions. Even further, the deployment of tools beyond these at the state and local level allowed election offices to quickly investigate and take action.”
LEARN MORE: CISA’s Bryan Ware explains how the coronavirus pandemic has affected cybersecurity efforts.
What to Watch For Moving Forward on Election Security
CISA is maintaining its in-person operations center at its headquarters in Arlington, Va., for 45 days after the election, and Krebs has said that Election Day only marks “halftime” in the agency’s election security efforts.
“There may be other events or activities or efforts to interfere and undermine confidence in the election,” Krebs said on a call with reporters, according to Nextgov.
“We’ve been in enhanced coordination posture now for 45 days and will continue that enhanced coordination posture for another 45 days, or as long as needed to make sure we’re sharing information with our partners,” an unnamed senior CISA official said on the call, Nextgov reports.
Additionally, Nextgov reports, the operations center will have both classified and unclassified intelligence flowing into it, and partners will include the FBI and the broader intelligence community, the Defense Department, the U.S. Postal Service, NASED, NASS, the U.S. Election Assistance Commission, both major political parties, social media and election technology companies, and others, according to CISA.
Augino adds that election officials “can’t put a bow on 2020 yet” and that there is still a lot of work ahead.
“Communication across levels of government was a notable success this year, but we can always be better,” she says. “Once we certify the results, we’ll take some time to look back and see where we can improve, both at the individual state level and at the national level.”