IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

CISA Releases State, Local Election Cybersecurity Toolkit

Election officials and others in state and local government need to be on guard against a variety of attempts that could impede voters’ access to information and smooth elections. A toolkit of free resources aims to help.

Digital illustration of a blue checkmark surrounded by a gear wheel and blue lines.
The Cybersecurity and Infrastructure Security Agency (CISA) released a collection of free tools and trainings yesterday that are intended to help state and local government and election officials assess and manage their cyber risks. The Election Cybersecurity Toolkit comes as part of CISA’s Joint Cyber Defense Collaborative (JCDC) initiative and includes resources from the members as well as other sources.

Elections departments need to be alert to how common cyber attacks could be leveraged against them. Ransomware actors, for example, could try to pressure officials into paying extortion by encrypting sensitive voter registration information or unofficial results reporting, CISA warns on the toolkit webpage. Perpetrators might block officials from accessing the data or threaten to leak it. Ransomware actors also might time and target their attacks to prevent officials from accessing important systems when they need them — such as during candidate filing and voter registration deadlines.

Malicious actors often use phishing to download ransomware or other malware onto victims’ computers. Election officials cannot stay safe from such ploys by simply avoiding opening email attachments, however, because officials often need to open attachments to access absentee ballot applications and conduct other routine duties.

Another concern is distributed denial of service (DDoS) attacks, which try to slow down websites or disrupt access to them by overwhelming servers with requests. These attacks could be used against local and state websites and could prevent residents from viewing information about voting or seeing unofficial election results.

The toolkit directs officials to a variety of tools, including those for assessing personnel’s susceptibility to phishing attempts, analyzing whether links might be malicious, backing up systems and more.

Alongside providing links to free election security-related tools, CISA also reminds agencies to keep up with cyber basics and best practices, such as using multifactor authentication, creating offline backups and updating software.