Critical Infrastructure Security

CISA shakes up election security leadership ahead of 2024 elections

(Image Credit: Hill Street Studios via Getty Images)

The Cybersecurity and Infrastructure Security Agency will have a new lead official charged with coordinating the agency’s election security efforts.

Caitlin Conley, who serves as a senior advisor to Director Jen Easterly, will be taking on “additional responsibilities” that include “spearhead[ing] CISA’s partnership, engagement and coordination efforts with election officials across the nation.”

Conley, a former U.S. Army operations officer, joined CISA in April after a two-year stint on the White House National Security Council. She previously worked as executive director for the Defending Digital Democracy Project at Harvard University and the Belfer Center, which researches strategies, tools and technologies that can protect elections from cyber attacks, disinformation and other threats that seek to undermine confidence in democratic processes and systems.

According to the center, Conley’s work included meeting with secretaries of state and other election officials to learn about vulnerabilities in election systems, running tabletop exercises on election threats leading up to 2020, and organizing a cross-disciplinary team of Harvard and MIT students, technology vendors and policy specialists to build new tools for election officials to defend against cyber attacks and disinformation campaigns.

“Cait is a dedicated public servant and combat-tested U.S. Army veteran with extensive operational and leadership experience working top national security priorities, including cybersecurity and counterterrorism,” Easterly said in a statement announcing the moves. “This experience, combined with her work leading the bipartisan Defending Digital Democracy Project, make her ideally suited to help those state and local officials carrying out elections in every community in America.”

At the same time, the agency announced that Kim Wyman, who has been the agency’s senior election security lead since 2021, will be leaving at the end of July for a job in the private sector.

Wyman brought a deep background in election administration to her role as a former Secretary of State for Washington, where she helped establish an Elections Security Operations Center and set up regular cybersecurity drills with her state and CISA. As a Republican, she drew praise in the election community for contradicting false claims from her own party that the 2020 elections and vote count were rigged against then-President Donald Trump in an environment where harassment and threats of election officials were surging. Prior to that, she spent a decade as elections director for Thurston County, Washington.

“It has been an honor to lead CISA’s election security efforts and to work side-by-side with so many talented and dedicated colleagues,” said Wyman. “I thank Director Easterly for the opportunity to support election officials in this role and to be part of this important mission. I am proud of the team and what we’ve already been able to accomplish. I have worked with Cait for the past several years in this election security space and know that CISA is in good hands with Cait joining the effort going forward.”

Elections have become a central - and politically fraught - part of CISA's identity

CISA’s role in supporting elections has been one of its most high-profile - and high-risk - areas of focus since elections were designated as critical infrastructure in 2017 under CISA’s predecessor agency, the National Protection and Programs Directorate in the wake of a years-long Russian hacking campaign targeting the 2016 presidential election.

While U.S. elections are largely run and administered at the local and state level, many of those entities lack the funding, expertise and visibility over cyber threats that the federal government can bring to bear. After some choppy waters in the early months following the designation, the agency eventually won the trust of many state and local officials who were previously suspicious of the federal government’s increased role.

Agency officials worked to establish trusted relationships between the federal government and state and local officials lead a public campaign to replace older electronic-only voting machines with devices that include paper ballots, conducted vulnerability assessments for election systems, and deployed sensors designed to monitor network traffic for state and local government systems for early signs of hacking attempts.

Those efforts helped put the nascent CISA - a new agency created in 2018 - on the map for many election officials and lawmakers in Washington D.C. and became a central component of its identity.

However, the agency’s foray into election security has also come with a cost. In the lead up to and aftermath of the 2020 presidential elections, CISA officials found themselves having to pivot from focusing on foreign-directed efforts to undermine U.S. elections to repudiating a widespread campaign by Trump and the Republican Party to claim that elections and vote counts on election night were manipulated.

Ironically, CISA’s work pushing paper ballots and other protections designed to affirm the integrity of election results formed both a key line of defense against those allegations and threatened the bipartisan support the agency had received in Washington up until that point.

When former Director Christopher Krebs, who had spent years touting the enhanced security measures and validation checks put in place since 2016, publicly contradicted Trump’s falsehoods about the election, he was promptly fired. Several other top officials who had helped shape the agency’s election security work, like deputy director Matthew Travis and Matt Masterson, a former elections official and senior cybersecurity advisor, resigned following Krebs’ departure.

Since then, CISA has continued much of that work under Easterly.

A CISA spokesperson told SC Media in an email that "election security is an enduring, year-round mission" and the agency's "support to state local election officials does not stop after November" and listed a range of activities they continue to carry out in this space.

"CISA continues to offer a range of no-cost cyber testing and assessment services to government and critical infrastructure partners, including in the election community on an ongoing basis, to assess and improve their cybersecurity posture, understand risk, and identify operational strengths and weaknesses," the spokesperson wrote. "We also regularly share information and intelligence with election officials and keeping them apprised of the evolving threat landscape, including through the Election Infrastructure Information Sharing and Analysis Center. The Joint Cyber Defense Collaborative has also set up an election-specific group to work with our private sector colleagues and election officials to provide threat briefings and offer no cost services to local communities."

The spokesperson did not provide details on the number of states or localities who have made use of those services in the lead up to 2024.

But CISA's pushback on domestic disinformation has become more muted since 2020, while Republicans have gotten more hostile to the agency’s mission. A federal advisory board around disinformation led by the Department of Homeland Security and CISA was shuttered last year after criticism from Republicans and others that it amounted to a federal censorship body (the board would not have had any legal or binding authority to make such decisions).

This week, Republican leaders on the House Judiciary Committee released an interim report that alleged the agency has “facilitated the censorship of Americans directly and through third-party intermediaries” and sought to outsource its disinformation work to a non-profit, the Elections Infrastructure Information Sharing and Analysis Center.

State and local officials and election security experts, on the other hand, have criticized certain elements of the government’s approach over the years, such as the Disinformation Governance Board, but largely describe the agency’s work as supporting local election officials who have faced an unprecedented wave of harassment over the past three years.

Derek B. Johnson

Derek is a senior editor and reporter at SC Media, where he has spent the past three years providing award-winning coverage of cybersecurity news across the public and private sectors. Prior to that, he was a senior reporter covering cybersecurity policy at Federal Computer Week. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.