Three Senate Democrats are concerned that the Department of Homeland Security’s cyber unit won’t provide adequate funding to an information sharing program with less than one year until the 2020 presidential election.
In a letter addressed to Chris Krebs, the director of DHS’ Cybersecurity and Infrastructure Security Agency, the organization tasked with protecting critical infrastructure from cyberattacks, the senators wrote that they were “dismayed” by a 70 percent cut in the DHS proposed budget to two information sharing and analysis centers or ISACs.
The cuts are directed at the Center of Internet Security, which runs the Multi-State ISAC and was asked to run the Election Infrastructure-ISAC. According to a press release from Sen. Maggie Hassan, D-N.H., the proposed budget for fiscal year 2020 would cut funding for the center to $10.4 million from $15 million.
The centers provide partners with threat intelligence, best practices and tools to help protect potentially vulnerable systems. They are made up of state, local and tribal officials, the front lines of election security defense. Top election officials in the federal government, especially Krebs, regularly emphasize the importance of information sharing in defending networks. That makes the proposed cuts to information sharing unexpected.
“Local governments – including small towns, counties, and school districts - simply do not have the budgets, the personnel, or the expertise necessary to deploy sophisticated tools in order to defend themselves against this evolving threat environment. ... We hope that you will work with us to address this urgent concern and ensure that DHS provides MS-ISAC and EI-ISAC the resources necessary to continue their important mission,” the senators wrote.
The letter, dated Nov. 18, came on the same day the Gov. John Bel Edwards, D-La, announced on Twitter that his state was responding to a ransomware attack on state government servers.
State and local governments, as well as school districts and hospitals, across the country have been consistently targeted with ransomware in the last year. In the lead-up to the 2020 election, officials at all levels of government fear ransomware attacks on voter registration databases.
For its part, Congress has been slow to send money to states for election security. Last year, Congress sent $380 million to states, but none so far this year. Krebs said in September that the states need a consistent stream of money, not “these inconsistent mass injections of cash.”
“We cannot afford to curtail support to [state, local, tribal and territorial] entities and election administrators when they need it most,” the senators wrote. “The prospect of a ransomware attack against election infrastructure is real and threatens the foundations of our democracy.”