That did not happen, according to a Government Accountability Office (GAO) report.
While noting that state election officials generally “were very satisfied with CISA’s election-related work,” the report said the agency “is not well-positioned to execute a nationwide strategy for securing election infrastructure prior to the start of the 2020 election cycle” because it has not completed plans.
As if to prove the point, shortly before the GAO findings were released in February, the Iowa caucuses ended in a debacle when a new app for reporting results failed, plunging the first contest of the season into disarray.
Then, during Super Tuesday last week, voting machine malfunctions and other technical problems combined with higher than expected turnout, leaving some voters in Texas and California waiting hours to cast ballots.
While much attention has been focused on Russia’s attempts to interfere in the presidential election, these cases point to homegrown preparedness problems. The watchdog’s report indicates the federal government was not fully prepared to deal with the challenges that have developed in this still young election season.
According to the report, cybersecurity agency officials said they are unlikely to develop plans for election security assistance to political parties or come up with strategies for raising public awareness about foreign threats. “Moreover,” it added, “CISA has not developed plans for how it will address challenges” including:
• A lack of “actionable recommendations” in classified threat briefings. This could hinder the ability of state election officials “to effectively communicate with information technology and other personnel in their agencies who did not have [security] clearances.” GAO suggested DHS offer unclassified briefings.
• The failure of “CISA personnel supporting election security operations to access social media websites … which hindered their collection and analysis of threat information.”
• The inability of staffers to quickly provide Election Day resources, “which could limit the agency’s timeliness in responding to an incident.”
Money apparently isn’t the problem.
“Congress provided CISA $43.5 million in December, nearly double the requested amount, to improve election security and counter foreign influence on our elections,” said an email from Rep. Lucille Roybal-Allard (D-Calif.), chairwoman of the House Appropriations subcommittee on homeland security.
She is one of four members of Congress who received the report. She urged the agency to “move even more quickly … to help jurisdictions prepare for and respond to attacks on election systems.”
The cybersecurity agency agreed with a GAO recommendation to issue a plan that “fully addresses all lines of effort … for securing election infrastructure for the upcoming elections.”
A statement from the agency defended its record, saying it has been getting ready for three years, including through preparation exercises with state and local officials.
“CISA is better prepared and more ready to support our partners across the election community than ever before,” according to the agency. “Today, we are working with all 50 states and more than 2,400 jurisdictions. This whole-of-government effort to secure elections has been unprecedented … Our work is not done, we continue to build and grow every day, but we understand the threat and the need to take action to keep our systems safe, and we are ready for 2020.”
Jeanette Senecal, the League of Women Voters senior director of mission impact, agrees the agency’s work is not done, but takes a much dimmer view of the work it has already done.
“The findings in this report are highly problematic …,” she said by email. “Cyber threats have only evolved since 2016 and more needs to be done to safeguard our elections and protect our democracy. It is a mistake for this administration not to take more proactive measures to address the underlying problems.”
Responding to the agency’s acknowledgment that it won’t issue plans for increasing public information on foreign threats, Senecal said “perhaps the most troubling piece is the finding that DHS may have misled state and local officials about the support they would be providing to secure state and local systems … related to public awareness about misinformation and foreign influence.
“Now that state and local election officials will not be receiving the support they were expecting,” she added it is critical for the federal government to work with nonprofits like hers “to fill that void and ensure the public has trusted information to participate in our elections.”
After GAO released its study, DHS released a strategic plan that partially addresses issues in the report, according to Vijay A. D’Souza, GAO’s director of cybersecurity issues. “We would still hope that the operations plan is finalized and that DHS fully address challenges and issues it had identified in its own reviews,” he said. “To date we haven’t seen evidence that that is completed.”