Consistent Support Crucial for Election Security, CISA Director Says
Christopher Krebs advocates for a long-term, actionable plan to support state and local electoral commissions.
Nearly every one of the 50 states is on the right path to “Protect 2020,” CISA Director Christopher Krebs said at the CISA Cybersecurity Summit Sept. 19, but developing a consistent, actionable plan in conversation with those governments will be essential for both the next election and the ones to come.
The $250 million that the Senate has allocated toward election security is a “good start,” Krebs said, but it is not “something they can set their budgets and watches by.” Instead of a one-time cash injection, Krebs encouraged federal cybersecurity leaders to engage with state and local officials to understand where their risk management priorities lie and what the cost of managing that risk will be.
“When I think about funding,” Krebs explained, “I think about three buckets.”
In his experience, state and local governments must first think about “the risk in the system now” — implementing paper ballot backups and removing direct recording electronic voting systems wherever possible. Online voting systems, too, are “too bleeding-edge for full-scale deployment,” he cautioned, instead recommending that federal and local agencies find a way to “strike a balance between security and voter participation.”
The second bucket focuses on a long-term “dependable stream of funding” for both hiring security professionals and issuing IT service contracts. In this role, the federal government can serve as a “dependable partner” not only for funding, but also for working with local governments to identify priorities in pursuit of an actionable plan.
“The Cyber Incident Response Plan is not an actionable plan in and of itself,” Krebs said. In its current form, it is a framework between CISA, the FBI and the Intelligence Community, but the next step is to tap into the experience and understanding on cybersecurity at all levels of the government to create “the implementing doctrine” to support the plan. States need to know what they can “clearly anticipate coming from the federal government,” Krebs said.
The third bucket is “an innovation fund” focused on utilizing the federal system as the laboratory for government cybersecurity just as it is a laboratory for democracy. It could take up to 10 years to get a nationwide cybersecurity process in place, Krebs said, and the innovation fund for states would help foster pilot programs and form the foundation of the long-term timeline to implement that process or even shorten the timeline.
Everyone is moving in the right direction for election security, Krebs underscored. Consistent funding and support nationwide will “give them a boost.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
How TMF is Helping Agencies Accelerate Tech Modernization
The program launched a new AI pilot to expedite TMF applications as agency leaders urge more to consider applying for funds.
4m read -
Energy Researchers Aim For Holistic Approach to AI Issues
A new center at the Oak Ridge National Laboratory is looking at under-researched areas of AI to better understand how to secure it.
2m read -
A Prepared Workforce is Key to Cyber Resiliency
Strong training strategies and emphasizing cyber hygiene basics enhance security practices at federal agencies.
2m read -
Coast Guard Poised for Growth in Cyber
The service’s prevention policy chief discusses his priorities for combatting cyber incidents that could have global impacts.
23m listen