Former CISA director praises government’s role in election security

Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency (CISA), said the government and elections officials did a “good job” at securing the midterm elections and communicating with voters on what is accurate information.

Krebs, who spoke on Wednesday at an annual cyber summit in New York hosted by the Aspen Institute, said the key is to effectively convey accurate information and debunk misinformation and disinformation narratives ahead of elections. 

“You can do all this stuff in the background, but you have to continue to communicate, communicate, communicate on what is happening and what [voters] should be thinking about as information is teed up,” Krebs said. 

“The key here is that the prebunking is dependent on identifying the potential areas that could be exploited,” he added.

In 2020, CISA created a page on its website called the Rumor Control which debunks common misinformation and disinformation narratives. Testifying before a House panel in April, CISA Director Jen Easterly told lawmakers that the website provides accurate information regarding the election, including facts about absentee ballots, so that voters “have the information they need to maintain confidence in the integrity of elections.”

During a background call to reporters on Election Day, senior CISA officials said the agency was confident that the election was as secure as it could be because of steps it took, including closely working with state and local election officials to ensure that they had the resources in place to protect the election infrastructure.

The officials also said that it had not identified any “specific or credible threats” that would disrupt the election system.

Prior to the election, federal agencies warned that any attempts to undermine the election system was “unlikely” to cause large-scale disruptions or prevent voting.

However, the warnings did not prevent cyber actors from launching cyberattacks on Election Day. 

CISA said it was aware of a “handful” of distributed denial of service (DDoS) attacks that briefly impacted a number of state election websites.

Although the agency did not provide specifics on the number of states affected, it did confirm that Mississippi state websites suffered outages following a cyberattack, reportedly carried out by a Russian hacking group. 

A CISA official said that while it’s hard to attribute these attacks to a specific group or state actor, the agency has not seen any evidence suggesting that they were “part of a widespread coordinated campaign.”

The official added that it’s important to note that low-level cyberattacks such as distributed denial of service attacks do not affect a voter’s ability to cast a ballot or have it counted, as these attacks only impact the website. 

The official also said that not every cyberattack that targeted state election websites on Election Day was successful, and those sites that were affected were quickly restored.

Illinois was another state that suffered from a cyberattack on Election Day. The state’s Champaign County Clerk’s Office posted on Facebook that there were some issues with its network and computer server and that it believes they were caused by cyberattacks.