Between the 2016 presidential election and the 2018 congressional midterm elections, the Department of Homeland Security boosted the number of sensors it deployed to state and local election networks to help detect unwanted intrusions, the department’s senior cyber security official told a House panel.

Before the 2016 election, intrusion detection sensors were given to election infrastructures that provided less than 30 percent coverage overall but, by the 2018 elections, coverage topped 90 percent, Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency, told the House Homeland Security Committee on Feb. 13.

Christopher Krebs, Director of the Cybersecurity and Infrastructure Security Agency at DHS. Photo: DHS

Krebs said the intrusion detection sensors, called Albert sensors, are providing “real-time detection capabilities on election networks, protecting election infrastructure and voter registration databases.”

The Albert sensors are provided by the non-profit organization Center for Internet Security (CIS) that receives DHS funding and houses the Multi-State Information Sharing and Analysis Center (MS-ISAC), provides benchmarks to state, local, territorial and tribal governments for assessing and improving network security, and a set of detailed controls with cyber security best practices and hygiene. The MS-ISAC is the touch point for state and local governments to obtain cyber security resources.

The Albert sensors build off of the DHS Einstein cyber intrusion detection system and provide a combination of high-level monitoring of network traffic and signature-based threat detection, Brian Calkin, the chief technology officer for CIS, told Defense Daily on Friday. The passive sensors contain around 27,000 signatures, which are compared against all the network traffic coming across the election infrastructure where they are deployed, providing analysts with more information to get to the root of an attempted compromise, he said.

CIS also provides patching and other routine maintenance of the sensors, and with the MS-ISAC is able to share new threat indicators found on one network with other networks, Calkin said.

Albert sensors “use the most timely and valuable indicators that DHS and the federal government can provide and alert states when there is a ‘hit’ on this information,” a CISA official told Defense Daily in response to question. “The benefit of this broader platform is that when one state is alerted to an event, all states are in a better position to inoculate themselves to that threat.”

DHS provides funding for two Albert sensors per state, which can also purchase additional sensors. The 90 percent of coverage that Krebs mentioned in his testimony refers to the percentage of voters, the CISA official said.

The committee held a hearing to review election systems security and to discuss legislation that Democrats in the House plan to debate soon related to election security and dark money in political campaigns.

Repeating a recent conclusion of DHS and the Justice Department, Krebs told the committee there is no evidence that a foreign government or foreign agent had a “material impact” on the midterm elections. Russia, China and Iran did conduct foreign influence efforts to press their “strategic interests,” he said.

Asked by Committee Chairman Bennie Thompson (D-Miss.) of his confidence in the security of election infrastructure against cyber-attacks, Krebs replied that like all information technology (IT) systems, there is always the need for more security.

“But I will say that compared to where we were in 2016, not just from a fundamental IT security perspective but from a collaboration, working across the different stakeholder groups, we are light years ahead of where we were,” Krebs said. “And most importantly, we have greater visibility both of the threats that are incoming, but also how they would work across the ecosystem and across the infrastructure.”

An area that requires more investment overall across the U.S. election infrastructures is making sure they are auditable, Krebs said. The ongoing move to paper balloting by all states will help this, he said, but auditing also extends all the way to the voter registration process.

“It’s a key tenet of IT security,” Krebs said of the ability to audit processes. “If you don’t know what’s happening, you can’t check back across the system, what’s happening in the system, [and] then you don’t really have security. So, to the extent that we can focus on an outcome of auditability throughout the process, end to end, that’s the greatest area of need in my view.”

Looking ahead to the 2020 presidential and congressional elections, Krebs said elections will remain a priority for DHS with a continued focus on improving information sharing with state and local officials as well as assistance.

“DHS goals for the 2020 election cycle include improving the efficiency and effectiveness of election audits, continued incentivizing the patching of election systems, and working with the National Institute of Standards and Technology (NIST) and the states to develop cyber security profiles using the NIST Cybersecurity Framework for Improving Critical Infrastructure,” Krebs said in his written statement for the committee. “We will also continue to engage any political entity that wants our help.”