The Department of Homeland Security’s (DHS) Inspector General’s Office (OIG) is giving credit to the Cybersecurity and Infrastructure Security Agency’s (CISA) efforts to improve election security nationwide, but said in a new report that CISA still has a lot of work to do on that front, particularly in areas involving physical security of election infrastructure.
The OIG said that DHS “has improved coordination efforts to secure the Nation’s systems used for voting,” and said CISA “has developed a set of plans and guidance aimed at securing election systems for the 2020 election cycle.”
As the November 3 general election date approaches, CISA has been publicly vocal about its election security efforts. Earlier this month, CISA’s Bob Kolasky, director of the agency’s National Risk Management Center (NRMC), offered an extensive rundown of CISA’s efforts to help state and local election authorities improve security.
Kolasky concluded that state and local governments were “well positioned” to conduct secure elections. “We set up a pretty damn good information system” to support state and local governments, he said. “It’s getting close to game day, and we are ready to go.”
While the DHS OIG acknowledged that work, it also said that DHS should do more work to “protect the broader election infrastructure, which includes polling and voting locations and related storage facilities, among other things.”
Speaking of CISA’s plans and guidance to secure election systems for the 2020 election cycle, the OIG said those plans “do not sufficiently mitigate other potential risks to physical security, terrorism threats, or targeted violence to election infrastructure, nor do they identify dependencies on external stakeholders that impede mission performance.” It also said that CISA needs to improve the quality of information it shares with election stakeholders.
The inspector general said that senior leadership turnover at DHS and “ongoing” reorganization efforts at CISA have “hindered CISA’s ability to enhance planning and effectively monitor its progress in securing the nation’s election infrastructure.”
According to the OIG, CISA concurred with its recommendations.
CISA Director Christopher Krebs, however, said in a response to the OIG report that he views the release of the report less than a month before the November 3 general election as “problematic.”
The CISA director recommended that the timeline of any future audit “account for the entirety of the election cycle,” and “allow sufficient time for CISA to implement its recommendations ahead of the next election cycle.