DHS holds election security exercise with states to prep for midterms

With less than three months until the midterm elections, federal agencies worked with 44 states on all types of attack scenarios.
DHS election security exercise
(FEMA / Bill Koplitz)

With less than three months until the midterm elections, the Department of Homeland Security held a three-day exercise this week that allowed state and local officials to practice warding off an array of cyberthreats, from spearphishing campaigns to denial-of-service attacks.

The drills, which featured officials from 44 states, the National Security Agency and U.S. Cyber Command, among other federal agencies, “explored potential impacts to voter confidence, voting operations, and the integrity of elections,” according to a DHS statement.

The Election Assistance Commission, the federal agency charged with distributing $380 million in election-security funding to states, also took part.

DHS said private vendors participated in the exercise, but did not name them.


The exercise covered several scenarios, according to DHS: spearphishing against election officials; social media manipulation related to political candidates; “disruption” of voter registration IT systems; denial-of-service attacks and “web defacements” affecting board of election websites and web applications; “the exploitation of state and county board of election networks;”’ and “malware infections impacting electronic voting machines and election management system software.”

Grappling with those simulated attacks, federal, state and local officials tested their lines of communication and their ability to quickly share threat information. The drill also harped on the importance of having a cyber incident response plan with regards to election infrastructure. Specifically, participants examined “procedures for requesting state and federal incident response resources if county and state resources are exhausted,” according to the DHS statement.

“In this environment, if we prepare individually, then we fail collectively, and I am grateful for everyone’s participation and partnership this week,” Homeland Security Secretary Kirstjen Nielsen said in a statement.

The DHS-led exercise comes as U.S. officials warn that Russia will continue to interfere in U.S. elections, and as states ramp up their cybersecurity measures to prepare for the midterms.

In advance of the 2016 presidential election, Russian hackers probed the IT systems of 21 states, including Illinois, where they breached a voter registration database. While activity on that scale has not yet surfaced this campaign season, Sen. Claire McCaskill, a Democrat in a close race in Missouri, has confirmed that she was targeted by Russian spearphishers.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts