CISA publishes cybersecurity checklist ahead of November election
With the U.S. presidential election less than two months away, state and local election administrators finalizing operations can turn to a cybersecurity checklist published Monday by the Cybersecurity and Infrastructure Security Agency to ensure their infrastructure is protected from malicious actors.
The checklist outlines a series of steps election officials can take to protect their election infrastructure, including networks that store, host or process voter registration information, public-facing election websites that support functions like election night reporting and polling place lookup, as well as email and other critical business operations, which remain attractive targets for cybercriminals.
“Election officials around the country are unwavering in their commitment to enhance the cyber and physical security of election infrastructure to meet an evolving threat environment,” Cait Conley, CISA’s senior adviser to the director, said in an press release. “As election officials and their teams enter into final preparations for November, these checklists help highlight some of the most common threat vectors, security practices, and resilience measures for consideration.”
To better protect election infrastructure against ransomware attacks, CISA recommends officials enable multi-factor authentication on all accounts to prevent phishing, ensure their election networks are separate from other business operations and monitor network traffic to spot malicious activity.
Distributed denial of service attacks are another common threat to election security. CISA encourages election administrators and their IT personnel to maintain offline encrypted backups of critical systems and data, and to practice restoring backups after DDoS attacks. The checklist also recommends election officials review contracts with their website service providers to understand if they have incident response plans.
The security agency also urges election officials to use its cyber hygiene scanning services to gauge the security status of their operations and catch any vulnerabilities ahead of the November election.
CISA also on Monday published a checklist detailing steps to protect against physical security threats to election offices, including securing building entry points, monitoring parking areas for unauthorized vehicles and establishing incident response plans with emergency responders in preparation of potential threats to the safety of election workers, such as bombs.
