|
Home | Forums | Gallery | Register | Video Directory | FAQ | Members List | Calendar | Games | Today's Posts | Search | Chat Room |
|
Thread Tools | Display Modes |
#1
|
||||
|
||||
Written testimony of DHS for a Senate Select Committee on Intelligence hearing titled
Written testimony of DHS for a Senate Select Committee on Intelligence hearing titled “Election Security”
03-20-2018 08:00 PM Release Date: March 21, 2018 216 Hart Senate Office Building Chairman Burr, Vice Chairman Warner, and members of the Committee, thank you for today’s opportunity to testify regarding the U.S. Department of Homeland Security’s (DHS) ongoing efforts to assist with reducing and mitigating risks to our election infrastructure. Almost a year ago, DHS appeared before this Committee to testify on the same topic. Today, DHS is pleased to share with you the progress we have made to establish trust-based partnerships with our Nation’s election officials who administer our democratic election processes. Russian efforts to influence the 2016 U.S. presidential election demonstrated a significant escalation in directness, level of activity, and scope of effort compared to previous operations. Recognizing that the 2018 U.S. mid-term elections are a potential target for Russian influence operations, DHS is committed to robust engagement with state and local election officials, as well as private sector entities, to assist them with defining their risk, and providing them with information and capabilities that enable them to better defend their infrastructure. Safeguarding and securing cyberspace is a core homeland security mission. Given the foundational role that elections play in a free and democratic society, in January 2017 the Secretary of Homeland Security determined that election infrastructure should be designated as a critical infrastructure subsector. As such, DHS and our federal partners have formalized the prioritization of voluntary cybersecurity assistance for election infrastructure similar to that which is provided to a range of other critical infrastructure entities, such as financial institutions and electric utilities. Since 2016, DHS’s National Protection and Programs Directorate (NPPD) has convened federal government and election officials regularly to share cybersecurity risk information and to determine an effective means of assistance. The Election Infrastructure Subsector (EIS) Government Coordinating Council (GCC) has worked to establish goals and objectives, to develop plans for the EIS partnership, and to lay the groundwork for developing an EIS Sector-Specific Plan (SSP). GCC representatives include DHS, the Election Assistance Commission (EAC), and 24 state and local election officials. Participation in the council is entirely voluntary and does not change the fundamental role of state and local jurisdictions in overseeing elections. Additionally, DHS and EAC have worked with election industry representatives to launch an industry-led Sector Coordinating Council (SCC). In general the SCC is self-organized, self-run, and self-governed, with leadership designated by the sector membership. The SCC serves as industry’s principal entity for coordinating with the government on critical infrastructure security activities and issues related to sector-specific strategies, and policies. The collaboration of the GCC and SCC is through an established process under DHS’s authority to provide a forum in which government and private sector entities can jointly engage in a broad spectrum of activities to coordinate critical infrastructure security and resilience efforts. This structure is used in each of the critical infrastructure sectors established under Presidential Policy Directive 21—Critical Infrastructure Security and Resilience. It provides a well-tested mechanism across critical infrastructure sectors for sharing threat information among the federal government and critical infrastructure partners, advancing risk management efforts, and prioritizing services available to sector partners in a trusted environment. In addition to the work of the EIS-GCC and SCC, NPPD continues to directly engage state and local election officials – coordinating requests for assistance, risk mitigation, information sharing, and incident coordination, resources, and services. In order to ensure a coordinated approach from the federal government, NPPD brought together stakeholders from across the Department and other federal agencies as part of an Election Task Force (ETF). The ETF increases the Department’s efficiency and effectiveness in understanding, responding to, communicating, and sharing information related to cyber threats. The ETF serves to provide actionable information and offer assistance to assist election officials with strengthening their election infrastructure by reducing and mitigating cyber risk. Within the context of today’s hearing, the Department’s testimony will address the unclassified assessment of malicious cyber operations directed against U.S. election infrastructure, but not the overall Russian influence campaign covered in the January 2017 declassified Intelligence Community (IC) Assessment. DHS’s testimony will outline its efforts to help enhance the security of elections that are administered by state and local jurisdictions around the country, our progress to date, and our strategy moving forward. Assessing the Threat NPPD regularly coordinates with the the intelligence community, and law enforcement partners on potential threats to the Homeland. Among non-federal partners, DHS has been engaging state and local officials, as well as relevant private sector entities, to assess the scale and scope of malicious cyber activity potentially targeting the U.S. election infrastructure. Election infrastructure includes the information and communications technology, capabilities, physical assets, and technologies that enable the registration and validation of voters; the casting, transmission, tabulation, and reporting of votes; and the certification, auditing, and verification of elections. In addition to working directly with state and local officials, we have partnered with trusted third parties to analyze relevant cyber data, including the Multi-State Information Sharing and Analysis Center (MS-ISAC), the National Association of Secretaries of State and the National Association of State Election Directors. We also used our field personnel deployed around the country, to help further facilitate information sharing and enhance outreach. Such engagement paid off in terms of identifying suspicious and malicious cyber activity targeting election infrastructure in 2016. A body of knowledge grew throughout the summer and fall of 2016 about suspected Russian government cyber activities, indicators, and understanding that helped drive collection, investigations, and incident response activities. On October 7, 2016, DHS and the Office of the Director of National Intelligence (ODNI) released a joint statement on election security and urged state and local governments to be vigilant and seek cybersecurity assistance. Our message today remains the same. Enhancing Security for Future Elections NPPD is committed to ensuring a coordinated response from DHS and its federal partners to plan for, prepare for, and mitigate risk to election infrastructure. We understand that working with election infrastructure stakeholders is essential to ensuring a more secure election. Based on our assessment of activity observed in the recent elections, NPPD and our stakeholders are increasing awareness of potential vulnerabilities and providing capabilities to enhance the security of U.S. election infrastructure as well as that of our democratic allies. Our election process is governed and administered by state and local election officials in thousands of jurisdictions across the country. These officials manage election infrastructure and ensure its security on a day-to-day basis. State and local election officials across the country have a long-standing history of working both individually and collectively to reduce risks and ensure the integrity of their elections. In partnering with these officials through both new and existing, ongoing engagements, NPPD is working to enhance their efforts to secure elections. Improving Coordination with State and local partners Increasingly, the nation’s election infrastructure leverages IT for efficiency and convenience. While the benefits are many, reliance on digital technologies introduces new cybersecurity risks. NPPD helps stakeholders in federal departments and agencies, state and local governments, and the private sector to manage these cybersecurity risks. Consistent with our long-standing partnerships with state and local governments, we have been working with election officials to share information about cybersecurity risks, and to provide voluntary resources and technical assistance. The Naitonal Cybersecurity and Communications Integration Center (NCCIC) works with the MS-ISAC to provide threat and vulnerability information to state and local officials. Created by DHS over a decade ago, the MS-ISAC is partially funded by NPPD. The MS-ISAC’s membership is limited to state and local government entities, and all fifty states and U.S. territories are members. It has representatives co-located with the NCCIC to enable regular collaboration and access to information and services for state chief information officers. Providing Technical Assistance and Sharing Information Through engagements with state and local election officials, including working through the Sector Coordinating Council, NPPD actively promotes a range of services to include but are not limited to the following:
This year our Nation is preparing for upcoming primary and special elections as well as the general election in November. Some states such as Arizona, Texas, and Illinois have already conducted primary elections. We have been working with election officials in all states to enhance the security of their elections by offering support and by establishing essential lines of communications at all levels – public and private – for reporting both suspicious cyber activity and incidents. This information sharing is critical and our goal is to enhance transparency and have visibility of aggregated elections-related cybersecurity efforts. Over the course of the past eight months, DHS has made tremendous strides and has been committed to working collaboratively with those on the front lines of administering our elections—state and local election officials and the vendor community—to secure election infrastructure from risks. The establishment of government and sector coordinating councils will build the foundations for this enduring partnership not only in 2018, but for future elections as well. We will remain transparent as well as agile in combating and securing our physical and cyber infrastructure. In closing, we recognize the fundamental link between public trust in our election infrastructure and the confidence the American public places in basic democratic functions. Ensuring the security of our electoral process is a vital national interest and one of our highest priorities at DHS. Our voting infrastructure is diverse, subject to local control, and has many checks and balances. As the threat environment evolves, DHS will continue to work with federal agencies, state and local partners, and private sector entities to enhance our understanding of the threat; and to make essential physical and cybersecurity tools and resources available to the public and private sectors to increase security and resiliency. Thank you for the opportunity to appear before the Committee today. The Department looks forward to your questions. Topics: Critical Infrastructure Security, Cybersecurity, Information Sharing Keywords: Election infrastructure, Election security, Election Task Force, ETF, NCCIC More... |
Sponsored Links |
|