The final strategy and operating plan from the DHS Cybersecurity and Infrastructure Security Agency (CISA) was due in January but has been delayed, at least in part to a reorganization at the agency, GAO says in the Feb. 6 report, Election Security: DHS Plans Are Urgently Needed to Address Identified Challenges Before the 2020 Elections (GAO-20-267).
The report highlights that in November 2019, the Election Infrastructure Information Sharing and Analysis Center, which is funded by CISA, included 2,267 local jurisdictions as members versus 1,384 in 2018.
CISA the last two years has also conducted two exercises with state and local election officials related to issues and risks facing election infrastructure.
"As a result of its efforts, CISA has provided a variety of services to states and local election jurisdictions in the past 2 years," GAO says.
These services, which have to be voluntarily accepted by the states and localities, include scanning of internet accessible systems for known vulnerabilities, assessments for potential network vulnerabilities, assessments of potential vulnerabilities to malicious emails, and education efforts.
DHS said it continues to forge ahead with election security efforts and that it is ready.
"For three years, we've been building partnerships, providing support and services including penetration testing, phishing assessments and preparedness exercises to state and local officials charged with securing our election infrastructure," a CISA spokesperson said. "As primary season begins and the 2020 election season gets underway, we are prepared and ready to support our partners across the election community. Today, we are working with all 50 states and more than 2,400 jurisdictions. This whole-of-government effort to secure elections has been unprecedented. We appreciate GAO's recognition of these efforts. Our work is not done, we continue to build and grow every day, but we understand the threat and the need to take action to keep our systems safe, and we are ready for 2020."