Election securityElection Cyber Program Targets Foreign Threats

Published 31 October 2020

Following two alerts from the Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA) regarding Iranian and Russian threats to election systems, the University of Chicago’s Election Cyber Surge (ECS) program mobilized its cyber volunteers to help.

Following two alerts from the Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA) regarding Iranian and Russian threats to election systems, the University of Chicago’s Election Cyber Surge (ECS) program mobilized its cyber volunteers to help. 

CISA’s detailed alerts include technical information regarding common vulnerabilities, patch information, and IP addresses. In response, ECS sent an update offering assistance to more than 3000 election jurisdictions across the country. The ECS update highlights the eight common vulnerabilities that may affect local election systems, breaks down immediate recommended steps, and offers election officials the chance to fix the vulnerabilities with the help of a cyber volunteer. 

Election Cyber Surge is perfectly positioned to assist election officials fix these common vulnerabilities. We strive to support the invaluable work of CISA and protect election jurisdictions from foreign actors,” said Mary Hanley, Associate Director of the Harris Cyber Policy Initiative.

This recent update builds upon significant previous outreach - ECS had already contacted over 3,900 election jurisdictions across the United States. Many of those jurisdictions have outlined their unique needs to ECS staff and been offered support corresponding to these needs.

With the global cyber workforce shortage projected to total more than 3.5 million unfilled cyber jobs by 2021, state and local election organizations, like most public sector organizations, are already struggling to recruit cybersecurity talent and address cyber skill gaps across their existing workforce. 

John Odum, the City Clerk for Montpelier, VT, explains: “Election administrators have more on their plates all the time, but cybersecurity can’t wait. It can’t wait for bureaucracy, it can’t wait for a help desk ticket. This kind of unique support the University of Chicago provides is a game-changer. It gives us an ability to be proactive and responsive to threats in a way that otherwise would never be possible.” 

Rapidly addressing cyber skill gaps is critical in light of the COVID-19 pandemic, which has resulted in an unprecedented increase in absentee voting and structural vulnerabilities, and additional strain on the augmented technical assistance that most jurisdictions already struggled to triage given workforce shortages and technical limitations. In the weeks and months leading up the election, under-resourced and under-staffed election operations will continue to see a decline in available personnel as health concerns related to COVID-19 persist. 

The Cyber Policy Initiative notes that election officials seeking additional information may reach out for support by emailing electioncybersurge@harriscyberpolicy.org, by calling (888) 910-1821, or on Twitter @ElectionSurge.