Is the Department of Homeland Security ready to help protect next week’s midterm elections against foreign interference? Officials are doubling down on last-minute efforts to boost cybersecurity ahead of nationwide voting on Nov. 6.
Speaking at the CyberCon 2018 conference, hosted in Pentagon City, Virginia, Nov. 1 by Fifth Domain, officials from DHS and the Department of Defense outlined initiatives and plans for cyber defense, including the role of government cyber operations centers. One DHS official noted that her agency’s operations center is running around the clock to overcome longstanding hurdles in election security.
“What we’ve got going on right now is a full court press in support of state and local governments to secure election infrastructure,” said Boyden Rohner, the director of cybersecurity operations at DHS' Information Security Office.
That full court press, Rohner continued, includes everything from increasing the tempo of information-sharing with state and local officials to implementing unspecified technology solutions and working with vendors.
Elections are a multifaceted challenge, already a tangle of jurisdictions and varied practices, so coordinating a federal solution to 50-plus flavors of local execution is likely to involve some hiccups. To make sure that the federal capacity is there, earlier this year, DHS set up a working group with DoD in case civilian capabilities get overwhelmed. Progress, however, has been less than rapid.
“I just came from a meeting where we brought 11 DoD folks on board to get familiar with the Department of Homeland Security” way of doing things, said Rohner. “They started this week, learning our environments; staying within their authorities, but getting a better understanding of what we do, so we can speak a similar lexicon when it really matters.”
If there’s an underlying constraint on managing the threat to election infrastructure, Rohner suggested it is just a generally exhausting pace of work. She pointed to burnout as one of the top concerns for staffing 24/7 ops centers.
“I feel like so many things fail because we gave short shrift to the task at hand,” said Rohner. “We’re so overwhelmed by the urgency of the request from our undersecretary or the private sector in response to incident.”
Rohner indicated that the hope to overcome the overwhelming demands put on operations centers is to create a planning element within the center that is firewalled from immediate demands and focused on long-term operations. But it’s not clear when or how this would be implemented.
“How do you ensure that institutional knowledge stays in the organization after all these smart people who were there move on?” Rohner said. “We suffer from not having good knowledge management systems that document how things work; we suffer from not having [standard operating procedures] that they do regularly.”