Written by AJ Vicens
Oct 28, 2021 | CYBERSCOOP
Security personnel charged with the challenging and high-stakes work of protecting election systems from digital threats might soon have another task on their to-do list: reporting any cyber incidents to the federal government.
That’s if election technology, designated critical infrastructure in 2017, falls under proposed rules requiring critical infrastructure owners and operators to notify federal officials about cyber incidents, such as attempted hacks and ransomware attacks.
The idea has surfaced again in a recent Stanford Internet Observatory paper authored by a former high ranking election security official who offered recommendations for election administration reform, ranging from increased funding to centralizing election IT infrastructure at the state level. The proposals are consistent with multiple bills under consideration in Congress, where momentum is building to require operators of critical infrastructure—pipeline owners, electrical grids, and other industries key to U.S. interests—to disclose yet-to-be defined cyber “incidents” to the Department of Homeland Security, FBI or officials who can quickly respond to cyberattacks.
It remains unclear whether the federal government could mandate that the roughly 10,000 election jurisdictions—ranging from small towns to counties to states—report cyber incidents. And if it could, questions abound about who