CISA Director Easterly Seeks To Quell Concerns About Election Security

U.S. elections have “never been more secure,” said Cybersecurity and Infrastructure Security Agency Director Jen Easterly in public comments days before the 2024 presidential election, as officials seek to quell fears about both domestic and foreign interference in the democratic process.

Easterly covered topics including ballot security, disinformation campaigns, voter registration data security and physical security in interviews with Washington Post Live and ABC News this week, emphasizing that multiple layers of security are in place to protect voting systems and materials from cyberattacks and tampering.

“Voting systems are not connected to the internet, so [it’s] very hard to hack into a system that is not connected to the internet,” Easterly noted, adding that 97% of voters are in jurisdictions that use paper records that voters can verify themselves, including in all seven “battleground” states.

The CISA director also brought up testing of voting systems before Election Day as well as post-election audits as additional measures that will ensure every vote is “counted as cast.”

Jimmy Mesta, co-founder and chief technology officer at RAD Security, told SC Media that President Joe Biden’s 2021 Executive Order on Improving the Nation’s Cybersecurity, as well as the National Cybersecurity Strategy published in March 2023, have also helped enhance election security leading up to this year’s presidential race.

“These initiatives aim to build a resilient and defensible digital ecosystem to protect critical infrastructure, including electoral systems, from evolving cyber threats, and they’ve done a great job incorporating zero trust initiatives, moving IT infrastructure to secure cloud services, and creating incident reporting and response policies,” Mesta said. “So I do agree with Jen, the infrastructure itself has never been more secure.”

Disinformation fuels doubts about election integrity

Easterly blamed a “firehouse of disinformation” for stoking unfounded fears about voter fraud and election interference.

CISA and other federal officials are working to combat such disinformation campaigns, Easterly said, including from foreign adversaries like Russia that have been using generative AI in attempts to step up their deception.

For example, a joint statement from the Office of the Director of National Intelligence (ODNI), Federal Bureau of Investigation (FBI) and CISA last week debunked a video that appeared to show ballots being ripped up in Bucks County, Pennsylvania, attributing the video to “Russian influence actors.”

A joint statement published today called out another video, which purported to show a non-U.S. citizen from Haiti illegally voting in multiple counties in Georgia, as a Russia-manufactured fake, warning voters of similar disinformation efforts likely to crop up in the days leading up to the election.

Former CISA Director Chris Krebs has also been vocal about disinformation leading up to the 2024 election, commenting on X, “They’re flooding the zone, exploiting historical (and current) tropes, including racial issues. This will only continue thru the count & certification process. Important to rapidly identify and debunk this garbage, and for platforms to label as foreign generated or remove entirely.”

Easterly says hacking of voting infrastructure “near impossible,” addresses physical security

The current CISA director said that while foreign adversaries are hard at work attempting to undermine voter confidence and interfere with the election, there is no evidence that the nation’s voting infrastructure has yet been successfully breached. Easterly said the defenses currently in place make it “near impossible” for voting infrastructure to be hacked “in a way that would impact the outcome of the presidential election.”

And while voter registration databases, unlike voting machines, are connected to the internet they are protected by cybersecurity measures such as multifactor authentication, strong passwords and regular software updates.

“Folks should know that voter registration databases, some of that data can be sold. Some of it is publicly available. And so if you see that information out there, it does not mean that it’s been hacked. But our foreign adversaries may try to make us believe that it is,” Easterly told Washington Post Live.

When it comes to other types of attacks, like distributed denial of service (DDoS) attacks on election offices, CISA and the FBI put out a public service announcement this summer noting that such attacks “could hinder public access to election information but would not impact the security or integrity of election processes,” nor would it prevent voting itself.

Easterly also addressed the physical security of ballot boxes, polling places and election workers in her public comments, saying more than 1,200 physical security assessments – in addition to 700 cybersecurity assessments – have taking place this election cycle, along with hundreds of training courses on topics like social engineering, active shooter response and de-escalation techniques.

“We will go in with physical security experts, we will help them understand improvements that need to be made to ensure the physical security of the building,” Easterly explained, saying that safety measures may include bulletproof glass, panic buttons or flak jackets depending on the threat level.

With cyber and physical defenses in place, Mesta tells SC Media that the biggest vulnerability in election security will likely be the human element: “Election personnel, including staff, volunteers, and contractors, are often targeted. We need better systems downstream that can stop bad things from happening – not rely on the human element, which is always flawed.”

“While election infrastructure has never been more secure, election security as a whole is a hyper consolidated mix of people, physical infrastructure, and technology – with the entire world watching,” Mesta said.

READ MORE HERE