Thirty-three states have sought out the Department of Homeland Security (DHS) for cybersecurity services, according to Andy Ozment, Assistant Secretary for Cybersecurity and Communications at DHS.
DHS can provide state and local election agencies with cyber hygiene scans, as well as vulnerability and risk assessments. Ozment stated that states have been using these services as they prepare to host the election in November. They agency will send weekly reports to the governments, notifying them of vulnerability areas and providing information on how to fix such issues.
“They have indeed been popular! And the 33 states are just asking about election-related systems, usually voter registration systems. Many states and localities take advantage of cyber hygiene for other systems that they own, unrelated to elections,” Ozment wrote during Federal News Radio’s “Ask the CIO” web chat. “Our cyber hygiene scans are vulnerability scans that are not credentialed. So we do not have login credentials to the systems – we just look at them from the outside.”
In addition to offering election agencies cyber hygiene services, DHS also provides free online cybersecurity training and workforce development programs to Federal, state, local, and tribal government employees, as well veterans.
Ozment also called on Congress to fund the President’s budget, which includes 24 incident response teams, 24 penetration testing teams, all of the Continuous Diagnostics and Mitigation (CDM) program’s phase 3 and a “good start” on CDM phase 4. He also stated that Congress needed to create and fund the $3.1 billion Information Technology Modernization Fund.
“As agencies deploy CDM, we will have a much better understanding of their security posture. In fact, they will have a much better understanding of their own security posture. So agencies who connect to other agencies will better understand the risks that they are taking,” Ozment wrote. “We are asking agencies to implement better network segmentation, so that even if they connect to each other, there are stronger security controls in place at the connection. CDM phase 4 will help with that, as it includes network segmentation capabilities.”