DHS: Election officials inundated, confused by free cyber-security offerings

Official would have liked free offerings to have been coordinated through DHS.

Election officials across the US are inundated and confused by the plethora of free cyber-security offerings that the private sector has made available in the past months, a Department of Homeland Security official said last week.

According to a list compiled by CyberScoop, companies that have provided free tools and services to election officials include McAfee, Cylance, Cloudflare, Google's Jigsaw, Synack, Akamai, Centrify, Microsoft, Valimail, Facebook, Symantec, Netscout, and 1Password. Free offerings ranged from DDOS protection to DNS records security, and from free antivirus offerings to domain spoofing services.

But while the actions of these companies were driven by a desire to help, a DHS official says these free offerings have managed to create confusion with some election officials.

"So what we've seen is a lot of the cyber-security companies and the IT companies offering free services, which I think is a great move forward," said Christopher Krebs, Under Secretary for National Protection and Programs Directorate at the DHS, in an interview on the Cyberlaw Podcast, last week.

"One thing that I am seeing with a lot of these companies offering free services is that the election officials down range are being inundated and they can't really kinda contextualize this service vs that service, [and] what does it get them," he added.

Krebs suggests that these free cyber-security offerings should be provided to the DHS, which in turn, should work to distribute them in a more organized manner.

"We need a more coordinated, almost holistic approach, but that's tough," Krebs said. "But if it's free and presumably not a loss leader free, then there's probably a better way we can do this so we can use some of our coordinating mechanisms through DHS and the critical infrastructure partnerships to figure out what this suite of services looks like."

Krebs says the DHS has already played a big role in the cyber-security training of election officials so far.

"We've been working with the RNC, the DNC, and the state level party heads on basic training, basic awareness, recommendations, [we've] partnered with the Belfer Center and pushed out some campaign security checklists," Krebs said.

He says that many campaigns "are on a shoestring budget" and "just don't have the talent, the wherewithal, or the cash to pay for" many of the protection measures the DHS has been recommending.

The free services provided by the private cyber-security sector could have been put to better use if they had been integrated into the recommendations that the DHS has been sending out already.

Instead, many of these offerings have been thrown at election officials via press releases and without any input from the DHS, leaving many officials confused about what they're supposed to do with them.

RELATED COVERAGE: