Secretaries of State Gather for Winter Meeting ... 2 of 5 >
Feb. 16, 2018 - The focus on cybersecurity began with the opening breakfast panel discussion "Cybersecurity Best Practices for Elections."   Tammy Patrick, senior advisor for the Democracy Fund's election program, moderated.  Participants included Joseph Lorenzo Hall, chief technologist at the Center for Democracy & Technology (CDT); Sabra Horne, director of Stakeholder Engagement for Cyber Infrastructure Resilience (SECIR), at the Department of Homeland Security; Dr. Michael Garcia of the Center for Internet Security; Walter Tong, director of cyber intelligence for the Georgia Technology Authority; and Connecticut Secretary of State Denise Merrill. 

Hall acknowledged that it is difficult to test election systems and said it is important to build local cybersecurity capacity. 

Horne outlined services the DHS can provide election officials.  She said that last year the agency conducted 173 assessments. 

Garcia noted that somewhat contrary to the current narrative "there's a ton [of activity] going on in cybersecurity" for elections."  Garcia's organization recently released "A Handbook for Election Security Infrastructure" which looks at the overall election ecosystem and classifies risks (network connected, indirectly connected, and transmission related) and sets out 88 best practices.  The work is designed to help administrators understand where their highest risks are so they determine the best place to spend their next dollar.

Tong  considered the "threatscape" and said "they go after any target that's open to them...they get in where they can get in and then they exploit it."

Merrill, who served as president of NASS during the 2016 election, emphasized, "We have been managing risk for a long time."  She said the biggest threat is "the American public believing the many false stories that are being fed to them."  Hacking in 2016 targeted election systems in 21 states.  Merrill said it was important to develop a clear lexicon; although Connecticut was one of the states affected in 2016 "it was still not exactly clear" what happened.  Registration lists were at risk, but election tallies were not manipulated.

Panelists agreed that public trust is at stake and considered how best to explain to the public ("message") the threats and what had happened in 2016.  Garcia summed up the 2016 hacking of state election systems as "criminals looked in the window but didn't get in."

  

Matt Masterson (below), chairman of the U.S. Election Assistance Commission, moderated a session on "Planning Now, Looking Ahead to November 2018."  Participants included (left to right) Robert Kolasky, Acting Deputy Under Secretary for National Protection and Programs Directorate at the U.S. Department of Homeland Security; Indiana Secretary of State Connie Lawson; Susan Parnas Frederick, senior federal affairs counsel at the National Conference of State Legislatures; David Forscey, policy analyst in the Homeland Security & Public Safety Division of the National Governors Association; and Noah Praetz, director of elections in Cook County, Illinois.
Masterson is finishing up a year as chairman of the Election Assistance Commission (+).
Christopher C. Krebs is Senior Official Performing the Duties of the Under Secretary for the National Protection and Programs Directorate and Assistant Secretary of Infrastructure Protection at DHS.  He started at DHS as senior counselor in March 2017; his experience includes director of cybersecurity policy for Microsoft from Feb. 2014-March. 2017.  On Feb. 8, 2018 President Trump announced he would nominate Krebs to be Under Secretary.  Also of note, the U.S. House of Representatives in Dec. 2017 passed a bill that would restructure the division into the Cybersecurity and Infrastructure Security Agency (H.R.3359).

DHS did a lot of work in conjunction with the NASS meeting (+).  In addition to sending several senior staff, it sponsored classified briefings.  Additionally on Feb. 15, the Government Coordinating Council (GCC) for the Election Infrastructure Subsector met.  The GCC comprises 27 people, 24 of whom are state and local elected officials, two who are members of the EAC and one is from DHS.  A Sector Coordinating Council (SCC) for the Election Infrastructure Subsector, consisting of businesses and NGO representatives, also met for the first time. 

Yet questions to Kolasky during this session from several of the secretaries of state made it clear that some of the officials are frustrated with DHS, and that the agency needs to do a better job of communicating.  There is an inherent tension between election officials, who strive for and value transparency, and DHS, a huge federal government department which because of its work must maintain a degree of secrecy.  One DHS official explained that "the Russians got close enough to the line" so that a degree circumspection was necessary.
Robert Kolasky, Acting Deputy Under Secretary for National Protection and Programs Directorate at the U.S. Department of Homeland Security.
....next >