CISA’s Elections Operations Center to Remain Open for Another 45 Days  

Election Day marks the middle of the expected duration of the operations center to optimize coordination between critical entities during elections, according to senior officials of the Cybersecurity and Infrastructure Security Agency.

“Today, in some sense, is halftime,” CISA Director Christopher Krebs said in a press briefing Tuesday. “There may be other events or activities or efforts to interfere and undermine confidence in the election.”

Krebs and Acting Department of Homeland Security Secretary Chad Wolf described actions CISA has taken since the 2016 contest and—despite some interference attempts by foreign actors—expressed confidence in the security of the vote in 2020.

Among key measures CISA has implemented is an in-person operations center established at the agency’s headquarters in Arlington, Virginia. 

“We've got our operation center here up and running,” senior CISA officials said in a call with reporters following the briefing. “We've been in enhanced coordination posture now for 45 days and will continue that enhanced coordination posture for another 45 days, or as long as needed to make sure we're sharing information with our partners.”

The operations center will occupy both classified and unclassified spaces and include the FBI and the broader intelligence community, the Department of Defense, the United States Postal Service, the National Association of Secretaries of State, the National Association of State Election Directors, the Election Assistance Commission, both major political parties, social media and election technology companies, and others, according to CISA.

“We're sharing information at an unprecedented rate, allowing us to spot even the smallest events and share them across the entire country in order to stop threats in their tracks,” Wolf said, noting sensors in place to detect hacking attempts and cyber intrusions in election infrastructure across all 50 states.  

He also highlighted CISA’s support of state and local officials leading up to the election. That included online security training courses for nearly 3,000 elected officials, three annual table top exercises with more than 2,000 participants, helping election officials identify vulnerabilities, and manage risks with vulnerability scanning and penetration testing, he said. CISA has also established situational awareness capabilities that include virtual chat rooms where state and local officials can reach federal officials.

Senior CISA officials observed that the agency’s efforts, including advocacy around the need to have back-up systems in place in case of inevitable technical failures, have already proven effective.

“Elections sometimes are messy, technology sometimes fails,” the officials said. “I think we're already seeing some early indications and resilience of voting in action. [Secretary of State] Frank LaRose in Ohio made a statement this morning about Franklin County switching over to paper poll books.”

But officials remain vigilant. They are especially on the lookout for website defacement and distributed denial of service attacks that are characteristic of Iranian threat actors. And have established a “rumor control” page to counter disinformation.

Both Iranian and Russian threat actors have gained access to voter information, but officials said none of the data has been altered.

“Let me be clear, our election infrastructure is resilient,” Wolf said. “We have no indications that a foreign actor has succeeded in compromising or affecting the actual votes cast in this election. But we do remain on high alert here at DHS and CISA throughout the day and beyond to make sure that the integrity of our election infrastructure is maintained.”   

In later briefings with reporters, a senior CISA official responded to reports of robocalls instructing voters to stay home. The official said the FBI is investigating the source of the calls, but that such activity is common during elections. 

Potentially malicious traffic was observed around election systems in Florida, but this was also regarded as routine. 

“It's no surprise that the internet's kind of a rough neighborhood sometimes, and, you know, on a daily basis, there's a lot of suspicious and potentially malicious traffic,” the official said, but added that the state’s layered defense worked. 

But as polls closed in states across the country the official warned that the attack surface is shifting from one of voting technology to reporting of the results, which can be subject to disruption. 

Officials acknowledged their updates have been somewhat boring, but "that's a good thing," they said.