Aid for states is not the only thing that didn’t make it into the $480 billion stimulus package President Trump signed today – funding for cybersecurity also was notably missing, something that security experts, policymakers and security experts hope Congress will rectify in future stimulus bills, particularly around election security.
In a letter to House Speaker Nancy Pelosi, D-Calif., and Minority Leader Kevin McCarthy, R-Calif., the Cybersecurity Coalition, Alliance for Digital Innovation, BSA, The Software Alliance, The Computing Technology Industry Association (CompTIA), Cyber Threat Alliance, Global Cyber Alliance and Information Technology Industry Council (ITI) pressed for funding for states and local governments to secure their systems, some of which provide “critical services, particularly as residents increasingly telework, access state resources online, and depend on” critical infrastructure owned and operated by those governments.
“State and local entities, however, have long lacked the resources to adequately secure and maintain their digital infrastructure,” the group wrote. “The rise in malicious cyberattacks targeting state and local entities, combined with the chronic lack of workforce, patchwork legacy systems, under-resourced cybersecurity and IT services, and uneven federal assistance creates a greater risk of system failure that interrupts services on which state and local populations depend.”
Of particular importance is securing elections, which has taken on greater urgency with the presidential contest well under way during the pandemic.
Pointing to the findings in the penultimate volume of the Senate Intelligence Committee’s five-part report on Russian election interference in the 2016 election, Mike Hamilton, former CISO for Seattle and CISO of cybersecurity firm CI Security, said, “the failure to include adequate funding to secure upcoming elections leads to a number of interesting possibilities, none of which are good news for election management.”
Among the issues, breakdowns of equipment on Election Day coupled with inadequate support could dilate the time it takes to cast a vote and keep people at home.
“The integrity of the upcoming election may now be called into question, leading to chaos and another election outcome that is decided in the courts – which are now more partisan, and stacked in favor of the Republican party,” he said.
Vote by mail efforts are probably too little, too late. “Preparation for mail in voting should have begun in earnest as one of the actions taken by State Emergency Operations Centers, in order to provide continuity of operations in government,” Hamilton said. Likewise, virtual elections would be difficult to execute “without significant development and testing time,” otherwise “a fast method developed for online voting would only exacerbate the narrative that the election outcome cannot be trusted.”