CISA and its Impact on Homeland Security
On November 16th, 2018 the Cybersecurity and Infrastructure Security Agency was created when President Trump signed it into existence. As stated on their website https://cisa.gov, their mission is to partner ‘with industry and government to understand and manage risk to our Nation’s critical infrastructure’. This partnership translates into services that are not only offered to the federal government, but other government agencies as well as other public and private sector entities that are deemed ‘critical infrastructure’.
As their website states, they support existing public/private partnerships and look to forge new ones in efforts to protect critical infrastructure crucial to the United States. One of current priorities are the 2020 elections. This is borne from countless findings from our national intelligence agencies and supported in a generally bipartisan fashion. An example of this shared concern came from the Republican-led Senate Intelligence Committee, who reaffirmed on October 8th, 2019 that Russian operatives engaged in a widespread social media campaign to influence the 2016 election. The Senate committee report essentially confirmed the findings of the intelligence community that Russian interference occurred.
CISA is proactively reaching out to state and local government agencies in an effort to ensure that our upcoming federal, state and local elections are free from outside influence. This is a widespread issue, but the nature of these challenges aren’t necessarily consistent throughout the United States. There are numerous reasons for this, but one is that states are given a wide berth to decide how elections are conducted. In the State of Arizona elections are run at the county level, with cities offering locations for citizens to vote. However, staffing, logistics and tallying is done by county resources. Conversely, some states in New England and the Midwest have cities or townships running elections. Another differentiator is at the local level, elections are either run by a single individual, a board or commission or a combination of two of more entities. As you can see, depending on the state, the scope and scale of where voter risk exists can be different from a responsibility perspective, not to mention varying technologies and processes used by different jurisdictions. This variance in voting services makes it difficult from a security perspective.
As a CISO for a large city, I have experienced firsthand the interaction with CISA and how their mission is translated into tangible action and service. CISA regularly shares intelligence with those they are responsible for protecting, including municipalities. Additionally, they are actively engaged with elections here in Arizona and while they are managed at the county level and not at the municipal, a free and honest election is something that my constituents deserve.
The truth is that my experience, in dealing with cybersecurity events, with state and federal government agencies has always been good but with the creation of CISA and the subsequent resources applied to this new department under DHS, information sharing has improved and we’re seeing a real impact in my community and others. CISA agents will be the first to tell you they could use more resources, but they have ramped up staffing and continue to build their capabilities. With CISA working with other 3 letter agencies, their impact on the overall health of Homeland Security is being felt by many, me included.