CISA Unveils Cybersecurity Toolkit to Shield US Elections From Hackers

  • The US Cybersecurity and Infrastructure Security Agency (CISA) has compiled and released a list of free cybersecurity tools for the election community.

    The CISA released the toolkit through the Joint Cyber Defense Collaborative (JCDC) with the goal of helping state entities and companies step up their cybersecurity efforts and improve the cyber resilience of US election infrastructure.

    The toolkit resources JCDC focus on involve assessing risk and protecting election infrastructure assets commonly targeted by four different types of attacks. These are phishing, ransomware, and distributed denial-of-service (DDoS) attacks, respectively.

    CISA also released some guidelines on how to use the new toolkit.

    “First, use the Election Security Risk Profile Tool to assess your risk. The tool, developed by CISA and the US Election Assistance Commission, can help state and local election officials understand the range of risks they face and how to prioritize their mitigation efforts.”

    The guide also contains a list of election infrastructure assets most commonly targeted by the aforementioned attacks, which includes electronic poll books and voter registration databases, state and local websites and email systems and networks that election offices rely on for regular business functions.

    “The services and tools are aligned with the Protect and Detect functions of the NIST Cybersecurity Framework,” CISA wrote.

    “Protect enables outlines safeguards to ensure the delivery of critical services and Detect defines activities to identify the occurrence of a cybersecurity event.”

    However, the Agency also warned that the toolkit is not comprehensive: “CISA applies neutral principles and criteria to add items and maintains sole and unreviewable discretion over the determination of items included.”

    The release of the new toolkit comes months after CISA published a 5G Security Evaluation Process to help companies improve their security posture before deploying 5G applications.

    More recently, the Agency announced plans to open its first Attaché Office in London.