Potential Ransomware Attacks Take Center Stage at Annual Election Exercise
Election officials from across the country ran through dozens of worst-case scenarios last week, including potential ransomware attacks, during an exercise staged by the the Department of Homeland Security.
This is the fourth year the department has asked state and local election officials to participate in the exercise, which attempts to model disruptions to the voting process and civil unrest and spread knowledge on what to do as they play out.
In all, more than 1,000 participants ran through the hypothetical scenarios affecting election operations to share practices around cyber and physical incident planning, preparedness, identification, response, and recovery.
The hosts of the event were the Cybersecurity and Infrastructure Security Agency, the National Association of Secretaries of State and the National Association of State Election DIrectors.
“The value of these exercises cannot be overstated,” said attendee Marty Redden, head of Alabama’s Office of Information Technology. “They allow us to refine and test our processes with both state and federal partners, in a controlled environment.”
At the same time, he said, the exercises allow all participants to openly communicate ideas and risks, while improving our readiness prior to the real election.”
A typical exercise might force election officials to deal with digital defacements to election-night reporting sites, or a last-minute disinformation campaign, according to reports of past events.
Along with such challenges, elections officials have also grown increasingly concerned with ransomware attacks like those that have disrupted other parts of state and local government, not to mention the Colonial Pipeline last spring, attendees said.
Each module gave participants an opportunity to stress test their responses while identifying potentially overlooked strengths and weaknesses in their election processes.
“Election security is achieved through proactive planning and preparedness across the election community,” said CISA Director Jen Easterly and representatives of the Election Infrastructure Government Coordinating Council Executive Committee, in a joint statement.
“Tabletop the Vote 2021 gave election professionals, federal and state security partners, and private sector representatives from around the country the opportunity to discuss and share protocols and communications to ensure a coordinated effort to strengthen and protect voting processes in the United States,” the statement continued. “We remain committed to this effort and to supporting election officials, federal partners, and others who serve on the front lines of our nation’s elections.”
Other members of the executive committee include Bob Kolasky, director of the National Risk Management Center at CISA; Donald Palmer, chairman of the U.S. Election Assistance Commission; Maggie Toulouse Oliver, president of the National Association of Secretaries of States; Michelle Tassinari, president of the National Association of State Election Directors; and Escambia County (Florida) Supervisor of Elections David Stafford.