The Department of Homeland Security this week hosted what says is a “first of its kind” three-day tabletop exercise with state and county election officials to test responses to cyber security incidents aimed at election systems.
DHS said exercise participants included representatives from 44 states and the District of Columbia, the Election Assistance Commission, the Departments of Defense and Justice, the Office of the Director of National Intelligence, the National Security Agency, U.S. Cyber Command, and the National Institute of Standards and Technology.
“Today’s exercise brought together our partners from all levels of government and the private sector in order to test our ability to respond to cyber incidents that could potentially effect an election, and build strong communication and incident response plans across the election community,” Homeland Security Secretary Kirstjen Nielsen, said in a statement. “The response we have received from this week’s participants has been overwhelmingly positive and we’ve identified areas we need to collectively focus on ahead of the midterm elections.”
The exercise simulated potential impacts to the integrity of elections, voting operations and voter confidence. DHS said the exercise allowed participants to evaluate cyber threat information sharing, processes to identify potential cyber security threats or incidents, ways for counties and states to seek state and federal resources if necessary, the importance of cyber incident response planning, development of public messaging for cyber incidents around elections, and best practices and resources for managing and mitigating cyber risks and consequences of an incident.
Exercise participants were confronted with various incidents such as spearphishing campaigns against elections officials, disruptions of voter registration systems, news and social media manipulation, denial of service attacks, malware infections targeting electronic voting machines, and the exploitation of state and county board of election networks.