A 24/7 war room will operate from Election Day until local officials are confident in the results. It shows just how far DHS’s cybersecurity agency has come since 2016.
On Election Day, DHS’s Cybersecurity and Infrastructure Security Agency (CISA) will launch a 24/7 virtual war room, to which election officials across the nation can dial in at any time to share notes about suspicious activity and work together to respond. The agency will also pass along classified information from intelligence agencies about efforts they detect from adversaries seeking to undermine the election and advise states on how to protect against such attacks.
“I anticipate possibly thousands of local election officials coming in to share information in real time, to coordinate, to track down what’s real and what’s not, separate fact from fiction on the ground,” said Matt Masterson, CISA’s senior cybersecurity adviser, who has helped lead election preparations. “We’ll be able to sort through what’s happening and identify: Is this a typical election event or is this something larger?”
The operation will run for days or weeks until winners are clear in most races — and potentially until the election is formally certified in December. “We’ll remain stood up until the [election] community tells us, ‘Okay, we’re good, you can stand down,’ ” Masterson said.
CISA has been aggressively responding to interference attempts for weeks already. It helped states tackle a drumbeat of disinformation, including what officials said was an Iranian effort to intimidate voters in Florida and other states and a Russian scheme to hack Democratic and Republican Party officials.
As states brace for larger-scale interference attempts on Nov. 3 — including the possibility that hackers time may try to manipulate voter registration data or vote tallies, or otherwise prevent large numbers of people from casting ballots — CISA’s Northern Virginia headquarters will convene dozens of officials from DHS, intelligence agencies, political parties, social media companies and voting machine vendors to orchestrate how the government can respond.
If there are concerning signs of interference, teams of CISA employees stationed in different regions across the country stand ready to deploy to polling places or election offices to help assess what’s going on.
The agency is also focused on tamping down unwarranted panic: It’s planning phone conferences with media every few hours to explain any interference it sees — and to put into context events that may raise suspicions but turn out to be more typical Election Day problems, such as malfunctioning voting machines, confusion about voter rolls and crashing elections office websites.
“Rest assured however our partners at the state & local level are working around the clock to make sure each vote is counted properly, but it’s important to recognize this process may require time.” @DHS_Wolf explains the importance of patience in waiting for election results. pic.twitter.com/Ep86zUqUuh
— Homeland Security (@DHSgov) November 3, 2020
CISA ran similar operations during the 2018 midterm elections and on Super Tuesday during the presidential primaries, neither of which was affected by significant hacking activity from abroad. CISA Director Chris Krebs warned at the time, however, that Russia may be “keeping its powder dry” and described those elections as a “dress rehearsal for the big show” in 2020.
Krebs and other officials have managed to talk candidly about those threats largely by flying beneath Trump’s radar, focusing on the nitty-gritty of securing voting machines and other election technology, and steering clear of broader questions about the U.S.-Russia relationship, current and former officials said.
“The folks at CISA continue to just play it straight and call it as they see it,” said Suzanne Spaulding, who led a predecessor agency to CISA called the National Protection and Programs Directorate during the Obama administration. “Part of it is flying under the radar, which is unfortunate. You’d like to have a president out there reinforcing the messages CISA’s putting out. But the best they can do is try to get their message out to the key people who need to hear it.”
While the agency has been criticized for a slow learning curve about the peculiarities of election administration and for sometimes not providing threat information quickly enough, CISA has almost certainly helped the U.S. vote become more secure now than it was four years ago. It has sent staff to test the cybersecurity of election systems in hundreds of jurisdictions since 2016 and helped many states shift to more secure voting systems that include paper records for all votes and the capability to conduct rigorous post-election audits.
Progress on election security is also not uniform across all states. About 10 percent of U.S. voters concentrated in seven states still don’t have an in-person voting option that includes a paper trail, which officials say is key to ensuring votes weren’t manipulated by hackers. That’s down significantly from 2016 when about 20 percent of voters lacked a paper backup, but still highly concerning to election experts. The silver lining: The percentage of votes cast without a paper record will likely be even lower than expected this year because of the surge in mail voting during the pandemic.