Commissioner Thomas Hicks
Earlier this week, I had the opportunity to address members of Congress about the work the U.S. Election Assistance Commission is doing to help America vote. My remarks came just days before the 15th anniversary of the Help America Vote Act (HAVA), which was enacted on October 29, 2002. That legislation created the EAC and remains the steadfast compass for our commission’s work.
It’s not surprising that Congress has a strong interest in the EAC’s work to assist state and local election officials as they work to strengthen cybersecurity protections. As I stated in Tuesday’s Congressional meeting, every state in the nation must take this threat seriously and recognize that we are operating in a new threat environment. Election officials across the country should assume that hackers – whether foreign or domestic – have already and/or will scan election systems for vulnerabilities. This is certainly the case for other government entities, as well as most major industries and businesses in the nation. Election systems are no different.
This current threat environment underscores the importance of implementing cybersecurity strategies that allow election officials to detect threats before a breach occurs, defend cyber assets should a hacker attack, and quickly recover if the attack is successful. The EAC is assisting states with this work by helping them understand and leverage all available cybersecurity resources to protect their election systems and assets as they prepare for future elections.
For example, we’ve played a key role in helping election officials understand and leverage the Department of Homeland Security’s designation of elections infrastructure as critical infrastructure. A DHS designation of something as critical infrastructure brings increased federal resources into a sector to provide for increased protection of cyber-systems and more effective information sharing. The EAC has worked extensively with DHS to help it understand the election industry and to identify resources that would be beneficial to election officials. We have worked alongside election officials and private sector election technology companies to help them understand the designation and how to leverage the resources that it brings. This work has included two types of activities: (1) facilitating and participating in meetings between election officials, DHS, and other key players in the cybersecurity landscape and (2) producing and participating in the production of educational and foundational documents and materials. Our work was instrumental in the successful establishment of the sector’s Government Coordinating Council earlier this month and we look forward to what lies ahead.
But bringing key players together and helping them to establish the foundation for how Critical Infrastructure will work is only part of the EAC’s efforts to help election officials strengthen their cybersecurity. The EAC has also:
- Produced and distributed cybersecurity educational materials such as check lists, guidance for managing aging voting systems, contingency planning strategies and information about securing voter registration data
- Participated in cybersecurity readiness events and meetings, such as a table-top-exercise conducted by the New York Board of Elections
- Produced a series of videos related to cybersecurity