DHS Designates New Protections for U.S. Election Infrastructure

On the same day that U.S. intelligence agencies issued a non-classified report citing that Russian state-sponsored influence campaigns sought to “undermine public faith in the U.S. democratic process…” using a blend of covert activity (such as cyber activity) with overt efforts (state-funded media, paid trolls, etc.) the Department of Homeland Security took steps to protect the bedrock of our voting system – the nation’s election infrastructure.

On January 6th, Secretary Jeh Johnson, designated that the election infrastructure (storage facilities, polling places, centralized vote tabulations locations, as well as voter registration databases, voting machines, etc.) as a subsector of the existing critical infrastructure sector.

Given the vital role elections play in this country, it is clear that certain systems and assets of election infrastructure meet the definition of critical infrastructure, in fact and in law,” wrote Johnson in this DHS press release. Aware of push back from state and local officials, Johnson, however, went on to stress that the action doesn’t constitute a “federal takeover” of the role state and local governments play in administering and running elections.

What it does mean is that the election infrastructure becomes a priority with the National Infrastructure Protection Plan that enables DHS to prioritize cybersecurity assistance to state and local election officials – if requested.

The Plan affords increased access to incident response capabilities gained through DHS’ industry relationships and streamlined access to classified and unclassified information gained from information sharing and analysis organizations.

“…the designation makes clear both domestically and internationally that election infrastructure enjoys all the benefits and protections of critical infrastructure that the U.S. government has to offer. Finally, a designation makes it easier for the federal government to have full and frank discussions with key stakeholders regarding sensitive vulnerability information,” said Johnson.

Related: How Malware and Spam Groups Exploited the U.S. Election