IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

CISA Releases Free ‘Cybersecurity Toolkit to Protect Elections’

The Cybersecurity and Infrastructure Security Agency (CISA) released tools this past week to help protect the upcoming midterm elections against ransomware, phishing and DDoS attacks.

a line of voting booths
In a press release dated Aug. 10, 2022, the Cybersecurity and Infrastructure Security Agency (CISA) released “Protecting U.S. Elections: A CISA Cybersecurity Toolkit.”

The toolkit offers free services and tools intended to help state and local government officials, election officials, and vendors enhance the cybersecurity and cyber resilience of U.S. election infrastructure.

The CISA press release provides this background on the toolkit:

“This toolkit was developed through CISA’s Joint Cyber Defense Collaborative (JCDC), which worked with private- and public-sector organizations, including in the election community, and JCDC alliance members — to compile these free resources. The toolkit is organized into broad categories designed to help election officials:
  1. Assess their risk using an Election Security Risk Profile Tool developed by CISA and the U.S. Election Assistance Commission;
  2. Find tools related to protecting voter information, websites, email systems and networks; and
  3. Protect assets against phishing, ransomware and distributed denial-of-services (DDoS) attacks.

“I am very proud to announce another valuable resource that can help officials further reduce their cyber risk and improve their security posture,” said CISA Director Jen Easterly. “Each day, state and local election officials confront threats to their infrastructure from foreign interference, nefarious actors, insider threats and others. This is one more resource to help them in their ongoing efforts to ensure American elections remain secure and resilient.”

The toolkit itself starts with this self-assessment called the Election Security Risk Profile Tool to determine your risk. With this tool, you can:
  • Address areas of greatest risk.
  • Ensure that technical cybersecurity assessments and services are meeting critical needs. 
  • Gain a sound analytic foundation for managing election security risk with key partners at the federal, state and local level.

Second, CISA urges organizations to review the types of cyber attacks that typically occur against election infrastructure. Attacks often are against these areas:
  • Voter information: Threat actors may try to compromise or manipulate electronic poll books and voter registration databases in an attempt to cause confusion or delay voting.
  • Websites: Threat actors often target state and local websites with DDoS, phishing and ransomware attacks.
  • Email systems: Threat actors use phishing as the preferred vector with which to target state and local email systems.
  • Networks: Threat actors commonly use vectors, such as phishing or malware, to infiltrate state and local networks that election offices rely on for regular business functions

You can learn more about the CISA Cyber Defense Collaborative here.


Government Computer News (GCN) covered the release of the Cybersecurity Toolkit to Protect Elections with this article. Here’s an excerpt:

“Election officials are directed to use the tools and services that correspond to the election infrastructure that needs to be secured. The toolkit lists various commercial solutions, which are categorized as being 'basic' or 'advanced.' It also offers links to CISA’s own services and training resources for election officials.

“CISA said the services and tools are aligned with the 'Protect' and 'Detect' functions of the National Institute of Standards and Technology’s Cybersecurity Framework.”

Before using the toolkit, CISA urges all organizations to take some preliminary actions to defend against common cyber threats. Those baseline steps include:


According to the Center for Internet Security (CIS) website and multiple sources, the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) met in Baltimore this past week:

“This important summit gathered 900 SLTT and election officials who work in the areas of cybersecurity, information technology and related departments. Join us as we share ideas about how to improve the cybersecurity posture of U.S. state, local, tribal and territorial (SLTT) governments, as well as our critical election infrastructure.”

The agenda listed at the website described sessions such as “Perils to the Popular Vote: Assessing the Current Threat Environment of the 2022 Election Cycle and How to Protect Election Integrity.” There was also a session entitled “Anatomy of a Breach," described this way: “Data breaches have become commonplace. But, what do you do when it happens to you or a trusted partner? Panelists will discuss how election officials and cybersecurity professionals must work together to respond quickly and minimize exposure of critical infrastructure data. Learn how the EI-ISAC can also play a role in gathering intelligence and assessing the damage.

Facilitator: Marci Andino – Senior Director, EI-ISAC
  • Tim Davis – Elections Operations Analyst, EI-ISAC
  • Noah Beadle – Elections Operations Analyst, EI-ISAC
  • Brian Leach – Chief Information Officer, South Carolina State Election Commission
  • Chris Whitmire – Deputy Executive Director, South Carolina State Election Commission”


There have been numerous blogs and articles in Government Technology covering this important election security topic. Here are two of the pieces I have previously assembled:

Also, these are a few blogs regarding the MS-ISAC:

Daniel J. Lohrmann is an internationally recognized cybersecurity leader, technologist, keynote speaker and author.