Making Elections Critical Infrastructure Sends Clear Message to Adversaries



The decision by the U.S. Department of Homeland Security to designate election infrastructure as critical infrastructure significantly extends federal protection of voting systems.

The series of intrusions into systems owned by political parties, candidates, and politically allied organizations leading up to last year’s election likely will continue to produce repercussions for the foreseeable future. There already have been plenty of ripple effects, including the publication of declassified reports naming the Russian government as the actor behind compromises of the Democratic National Committee and other organizations, and a recent decision by the Department of Homeland Security to bring U.S. election systems under the protective umbrella of critical infrastructure.

The move is an administrative one that ordinarily would get little if any attention. Certainly, no one is thinking twice about food manufacturing facilities or wastewater plants being named part of our critical infrastructure. The federal government makes these decisions all the time, usually after months or years of consideration and hundreds of conference calls. In this case, however, Washington moved incredibly quickly, especially when you factor in the presidential transition and other complications. Less than two months after the election, which carried with it many questions and concerns about hacking and interference, DHS announced that the election infrastructure was now part of the larger, highly protected, critical infrastructure.

“The designation of election infrastructure as critical infrastructure subsector does mean that election infrastructure becomes a priority within the National Infrastructure Protection Plan. It also enables this Department to prioritize our cybersecurity assistance to state and local election officials, but only for those who request it,” Secretary of Homeland Security Jeh Johnson said in the announcement on Jan. 6.

“Further, the designation makes clear both domestically and internationally that election infrastructure enjoys all the benefits and protections of critical infrastructure that the U.S. government has to offer. Finally, a designation makes it easier for the federal government to have full and frank discussions with key stakeholders regarding sensitive vulnerability information.”

For practical purposes, what this means is that when officials involved with state and local elections have security problems, they can get prioritized help from DHS. The department has a massive amount of resources devoted to cybersecurity protection and incident response and often assists other government agencies with security problems. That assistance also extends to private organizations that fall under the critical infrastructure designation, so election officials can get information, technical help, and other resources whenever a problem arises. That’s a significant upgrade.

But the more important motivation behind this change is to send a clear message to adversaries and other governments that interference with U.S. elections will carry consequences. This is the key sentence in Johnson’s statement: “Further, the designation makes clear both domestically and internationally that election infrastructure enjoys all the benefits and protections of critical infrastructure that the U.S. government has to offer.” In other words, If you attack our election infrastructure, you can expect retribution.

The U.S. government already has shown some of its cards in this regard. Publicly pointing the finger at Russia for the DNC hacks was an unprecedented move and a clear indication that things have shifted. There are have been rumblings from Washington that there could be more information coming at some point, but either way, the die has been cast.

“Now more than ever, it is important that we offer our assistance to state and local election officials in the cybersecurity of their systems. Election infrastructure is vital to our national interests, and cyber attacks on this country are becoming more sophisticated, and bad cyber actors – ranging from nation states, cyber criminals and hacktivists – are becoming more sophisticated and dangerous,” Johnson said.

That they are. And the move by DHS to bring election systems under its protection is meant to convey the clear message that play time is over.

Dennis Fisher

ANALYST REPORTS

Gartner 2016 Magic Quadrant for Enterprise Data Loss Prevention (DLP)

Dennis Fisher

Dennis Fisher is editor-in-chief of On the Wire. He is an award-winning technology journalist who has specialized in covering information security and privacy for the last 15 years. Prior to joining Pindrop Security, he was one of the founding editors of Threatpost and previously covered security for TechTarget and eWeek.

Free Trial 2016 Gartner DLP MQ Contact Us