With less than three months until the midterm elections, the Department of Homeland Security held a three-day exercise this week that allowed state and local officials to practice warding off an array of cyberthreats, from spear-phishing campaigns to distributed denial of service attacks.
The drills, which featured officials from 44 states, the National Security Agency and U.S. Cyber Command, among other federal agencies, “explored potential impacts to voter confidence, voting operations, and the integrity of elections,” according to a DHS statement.
The Election Assistance Commission, the federal agency charged with distributing $380 million in election-security funding to states, also took part.
DHS said private vendors participated in the exercise, but did not name them.
The exercise covered several scenarios, according to DHS: spear phishing against election officials; social media manipulation related to political candidates; “disruption” of voter registration IT systems; distributed denial-of-service attacks and “web defacements” affecting board of election websites and web applications; “the exploitation of state and county board of election networks;”’ and “malware infections impacting electronic voting machines and election management system software.”
Grappling with those simulated attacks, federal, state and local officials tested their lines of communication and their ability to quickly share threat information. The drill also harped on the importance of having a cyber incident response plan with regards to election infrastructure. Specifically, participants examined “procedures for requesting state and federal incident response resources if county and state resources are exhausted,” according to the DHS statement.
“In this environment, if we prepare individually, then we fail collectively, and I am grateful for everyone’s participation and partnership this week,” Homeland Security Secretary Kirstjen Nielsen said in a statement.
The DHS-led exercise comes as U.S. officials warn that Russia will continue to interfere in U.S. elections, and as states ramp up their cybersecurity measures to prepare for the midterms.
In advance of the 2016 presidential election, Russian hackers probed the IT systems of 21 states, including Illinois, where they breached a voter registration database. While activity on that scale has not yet surfaced this campaign season, Sen. Claire McCaskill, a Democrat in a close race in Missouri, has confirmed that she was targeted by Russian spearphishers.