States Game Election Cyber Threats in Homeland Security Drills

The Department of Homeland Security is giving states, including Colorado and Texas, a chance to game out how they might respond to a cyberattack on election systems ahead of this year’s midterm vote.

The department began its biennial “Cyber Storm” exercises on Tuesday, working with more than 1,000 “players” across the country, including state governments and manufacturers, to test how they would withstand a large-scale, coordinated cyberattack aimed at the U.S.’s critical infrastructure such as transportation systems and communications.

The program, running for the sixth time, involves three days of simulations. Seven states are taking part, according to Jeanette Manfra, assistant secretary of Homeland Security. This year, amid continued threats of Russian interference in American elections, some of those states will see how prepared they are for hackers targeting their election systems in drills that don’t actually attempt to breach their computers.

“We are making it as realistic as possible, and nation-state threats are our priority,” Manfra told reporters Tuesday at the Secret Service headquarters in Washington, where the simulation’s “control center” is located. “The cyber threats to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront.”

Manfra has said Russia targeted the registration systems of 21 states in 2016, including Illinois, which said some of its voter information was extracted but not changed. The department designated elections as critical infrastructure in January 2017, to allow states to tap into federal help.

Two states participating in this year’s drills specifically requested exercises from Homeland Security testing their response to election-related cybersecurity risks, according to a department official, who asked not to be identified because of the sensitivity of the subject.

While the department wouldn’t identify the states, officials in Texas and Colorado confirmed that their election officials were taking part.

In February, 40 state election officials gathered in a guarded Maryland office for a classified briefing on risks to their election systems, and Homeland Security has granted clearances to some of the election officials to receive classified information from federal agencies.

The Homeland Security official who asked not to be identified said the department expects to receive additional requests for election cyber exercises before the November election. Federal officials will tailor the simulations depending on a state’s election operations and technology assets, the official added.

Colorado’s state government is participating in Cyber Storm along with three counties, according to Trevor Timmons, chief information officer at the Colorado secretary of state’s office. The drills come as the state’s June 26 primaries approach.

“Colorado’s exercises will be looking at elections issues,” Timmons said in a phone interview. “We absolutely requested that.”

While teams work on the simulation in Denver this week, a Colorado official will sit with federal authorities and other states at the National Cybersecurity and Communications Integration Center outside Washington to develop the response, Timmons said.

“It’s kind of like a game,” he said.

Texas election officials are also participating in the Cyber Storm simulations this week, according to Sam Taylor, a spokesman for the Texas secretary of state’s office, which oversees election technology in the state.

To add “realism” to this year’s drills, Manfra said the department created a closed portal that will simulate social media platforms and news sites, and where participants can create posts and interact with each other.

Facebook founder Mark Zuckerberg begins two days of congressional testimony Tuesday, when he’s expected to face a grilling on data breaches and deceptive posts during the 2016 elections.

“This is a very important component,” Manfra said, because social media and news sometimes add “a new dimension to how we respond to cyber incidents, and we felt that it was very important for our players to learn how to navigate that as well as incorporate that into their processes.”