So You Want To Help Counter Election Interference
Tuesday, February 13, 2018
The Risk & The Election
This week, the US Intelligence Community (IC) said in public that the country’s next election is threatened by Russia. They said this already about the last election. The president has not yet given direction to counter even the cyber threat – let alone the other aspects.
How WOULD the US go about protecting its elections from a foreign adversary, given the structures that are in place? How can we make sure action is being taken, or push for such action?
The information below goes over federal cybersecurity framework, which would theoretically play an active role in election security.
UPDATE: In May 2018, the White House removed the lead cybersecurity position from the White House (WH), located as a part of the National Security Council (NSC). Why is this relevant? As you can see below, interagency coordination is key to US cybersecurity action. Less coordination and contact from the WH and NSC will have impacts.
Also, what can we do to help where we live? Because elections are at their foundation local. That's covered below too.
Start With Paper Ballots
Step 1 in securing the election is to advocate for paper ballots - either as a backup to an electronic voting process, or as the primary method.
There are national organizations advocating for securing US elections as well. One of their primary cybersecurity mitigation actions is to push for paper voting ballots. Check ou the Verified Voting Foundation or Secure Our Vote for more - these are not vetted or endorsed. The Center for American Progress (CAP) has a detailed "Election Security In All 50 States" report for an in-depth look, including a Matrix of State Grades.
US Cybersecurity Anchors
Cybersecurity in the United States is anchored by three major pillars:
- The National Security Agency (NSA), a member of the IC
- CYBERCOM, or Cyber Command, within the US Department of Defense (DOD)
- The US Department of Homeland Security (DHS).
The media has been talking a lot here on day one of this new paradigm about the FBI and cybersecurity. While the FBI is a major player as the nation’s primary domestic investigative body and the facilitator of US-CERT, the FBI is not the domestic lead for cybersecurity. DHS is, as a partner with the FBI.
Listen carefully, because I am not going into detail here on two of the three key players. You probably won't hear much about them or what they are doing or can do in the news. The US government does not put these organizations front and center for good reason.
Use your critical thinking to consider how this triad works and what cyber role each of these key organizations might play, given their scope and mission. Be advised that these organizations do work together in an interagency structure, some of which is noted below.
The DHS Role
The DHS role in cybersecurity is more visible than the other two pillars that are part of the triad.
One question you might have is: why DHS?
DHS has a key cybersecurity role as it is the lead department for domestic security of the US. DHS has specific capabilities and legal allowances to work with state, tribal, and local government agencies as well as the private sector. Most federal agencies – and especially the IC – are not allowed to communicate directly with the private sector except in very specific settings. DHS is also the federal lead for critical infrastructure protection and resilience in the US, and as such has public private partnerships with 16 key critical infrastructure sectors (such as energy, communications, emergency services, health, agriculture, etc.).
DHS’ ability to have these partnerships is critically important in the cybersecurity world - which can also move fast. It is the existence of these partnerships and the mechanisms and legal framework under which they operate which help make DHS a key player in the US’ cybersecurity.
The NCCIC (pronounced “n-kick”) is the operational, real-time component of the DHS cybersecurity machinations. The NCCIC is within DHS NPPD CS&C (that’s the DHS National Protection and Programs Directorate, Office for Cybersecurity & Communications).
Click on the NCCIC link for an unclassified look on what all of that means via the NCCIC’s page, which includes an organization chart and links to partners such as US-CERT.
DHS NPPD CS&C is also the federal office that would work with state and local government agencies on election cybersecurity.
What Can You Do On Cyber? Quite A Bit -
If you are talking to your legislators and/or state and local government folks, DHS NPPD CS&C is the office that should be taking direct action to help the US counter a Russian cybersecurity threat. You can ask for specific actions that DHS NPPD is taking to protect the 2018 election.
You can ask your federal legislators to pressure DHS NPPD to take action on securing the US election, and to report those actions to said legislator and back to you as a constituent. There should be very specific actions, and they should have unclassified components that can be shared as state and local governments will likely be involved in those actions.
At the state level, you can find out which agency is responsible for election security, and ask the state oversight body and/or state legislators if they are talking to DHS NPPD as well. They can also pressure DHS NPPD to act.
States that are having a difficult time getting answers from DHS NPPD may wish to get their governor involved.
States have many entry points at DHS for communication, and can exercise various options to pursue answers.
Knowing the basics of the US cybersecurity framework can help you speak about this issue with others as well as with elected officials. The more folks know and understand this, the more citizens can help protect and secure the US election process against a hostile adversary.
You Can Volunteer Locally
Finally, most anyone can get involved in volunteering in the local election process. The basic operations of US elections are at the county or parish level, and sometimes at the city or town level. To find out more, start with your county’s website, and go from there. There are non-partisan and partisan ways to volunteer to prepare for and hold elections.
To quote a fictional American southerner, “Git ‘er done.” – Larry the Cable Guy.
To quote a famous Canadian, “I’m pulling for you. We’re all in this together.” – The Red Green Show.
A version of this post was also published on here on Facebook.
Fired up about democracy? Looking for other things you can do? Or, need support for what you're already doing? Check out private coaching at inclusive pricing rates. We will absolutely find a way forward. It's time for what's next. There is much to come -
Explore the 25 Focus Areas
Subscribe! Sign Me Up -
Leave Your Comments
We welcome your comments. Please leave your ideas and opinions below.