Skip to content

Illustration by Security Management

Watchdog Finds CISA Election Strategy Incomplete

A vital U.S. government agency tasked with aiding state and local election officials to secure election systems “has not yet completed” plans to secure the 2020 U.S. presidential election less than 10 months away, a watchdog report found.

The U.S. Government Accountability Office (GAO) looked at the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and its plans to support states and local election jurisdictions for the 2020 elections. GAO found that CISA is developing strategic and operations plans, but that the agency has faced challenges due to a reorganization.

“In the absence of completed plans, CISA is not well-positioned to execute a nationwide strategy for securing election infrastructure prior to the start of the 2020 election cycle,” the GAO’s report said. “Further, CISA’s operations plan may not fully address all aspects outlined in its strategic plan, when finalized.”

The government watchdog expressed specific concerns about CISA’s abilities to meet its strategic goals of providing security assistance to political campaigns, and raising public awareness about foreign influence threats and building resilience.

CISA is under increasing pressure to provide assistance to state and local election officials who are beginning to hold primaries for the 2020 election cycle. The two strategic goals that it has not finalized plans for were at the forefront of the disruption of the 2016 presidential election when Russia conducted a massive disinformation campaign and Hillary Clinton’s campaign was compromised via a targeted phishing attack.

Critics have raised concerns that the U.S. government and social media companies are not prepared to address the rising level of disinformation online related to political candidates and elections—tactics which are now being adopted by American-based actors.

“Every presidential campaign sees its share of spin and misdirection, but this year’s contest promises to be different,” according to The Atlantic. “In conversations with political strategists and other experts, a dystopian picture of the general election comes into view—one shaped by coordinated bot attacks, Potemkin local-news sites, micro-targeted fearmongering, and anonymous mass texting. Both parties will have these tools at their disposal. But in the hands of a president who lies constantly, who traffics in conspiracy theories, and who readily manipulates the levers of government for his own gain, their potential to wreak havoc is enormous.”

The GAO also found that CISA has not fully developed plans for how it is addressing challenges that stemmed from its 2018 election security assistance to state and local election officials.

These challenges include inadequate tailoring of services to meet local election jurisdiction’s resource and time constraints; providing actionable recommendations in classified threat briefings or making unclassified versions of briefings available; inability of CISA personnel to access social media websites from situational awareness rooms; limited capabilities CISA field staff could provide on Election Day; and lack of clarity of CISA’s incident response capabilities in the event of a compromise that exhausts local resources.

“Although CISA officials said that the challenges identified in the reviews have informed their strategic and operational planning, without finalized plans it is unknown whether CISA will address these challenges,” the GAO said.

In a statement to TechCrunch, CISA spokesperson Sara Sendek said CISA was “prepared and ready” to support the election community.

“Our work is not done, we continue to build and grow every day, but we understand the threat and the need to take action to keep our systems safe, and we are ready for 2020,” she said.

Government response to election interference was also highlighted in a report released this week by the U.S. Senate Select Committee on Intelligence, the third in a series of reports on the 2016 presidential election. The committee found that after the Obama administration discovered the existence of Russia’s election interference in late-2016, it struggled to determine the appropriate response.

“Frozen by ‘paralysis of analysis,’ hamstrung by constraints both real and perceived, Obama officials debated courses of action without truly taking one,” said Committee Chairman U.S. Senator Richard Burr (R-NC). “Many of their concerns were understandable, including the fear that warning the public of the election threat would only alarm the American people and accomplish Russia’s goal of undermining faith in our democratic institutions. In navigating those valid concerns, however, Obama officials made decisions that limited their options, including preventing internal information-sharing and siloing cyber and geopolitical threats.”

In its analysis, the committee found that the U.S. government was not “well-postured” to counter Russian election interference activity through policy options.

“There were many flaws with the U.S. response to the 2016 attack, but it’s worth noting that many of those were due to problems with our own system—problems that can and should be corrected,” said Committee Vice-Chairman U.S. Senator Mark Warner (D-VA). “I am particularly concerned, however, that a legitimate rear raised by the Obama administration—that warning the public of the Russian attack could backfire politically—is still present in our hyper-partisan environment. All Americans, particularly those of us in government and public office, must work together to push back on foreign interference in our elections without regard for partisan advantage.”