DHS: Election officials inundated, confused by free cyber-security offerings

Election officials across the US are inundated and confused by the plethora of free cyber-security offerings that the private sector has made available in the past months, a Department of Homeland Security official said last week.

According to a list compiled by CyberScoop, companies that have provided free tools and services to election officials include McAfee, Cylance, Cloudflare, Google's Jigsaw, Synack, Akamai, Centrify, Microsoft, Valimail, Facebook, Symantec, Netscout, and 1Password. Free offerings ranged from DDOS protection to DNS records security, and from free antivirus offerings to domain spoofing services.

But while the actions of these companies were driven by a desire to help, a DHS official says these free offerings have managed to create confusion with some election officials.

"So what we've seen is a lot of the cyber-security companies and the IT companies offering free services, which I think is a great move forward," said Christopher Krebs, Under Secretary for National Protection and Programs Directorate at the DHS, in an interview on the Cyberlaw Podcast, last week.

"One thing that I am seeing with a lot of these companies offering free services is that the election officials down range are being inundated and they can't really kinda contextualize this service vs that service, [and] what does it get them," he added.

Krebs suggests that these free cyber-security offerings should be provided to the DHS, which in turn, should work to distribute them in a more organized manner.

"We need a more coordinated, almost holistic approach, but that's tough," Krebs said. "But if it's free and presumably not a loss leader free, then there's probably a better way we can do this so we can use some of our coordinating mechanisms through DHS and the critical infrastructure partnerships to figure out what this suite of services looks like."

Krebs says the DHS has already played a big role in the cyber-security training of election officials so far.

"We've been working with the RNC, the DNC, and the state level party heads on basic training, basic awareness, recommendations, [we've] partnered with the Belfer Center and pushed out some campaign security checklists," Krebs said.

He says that many campaigns "are on a shoestring budget" and "just don't have the talent, the wherewithal, or the cash to pay for" many of the protection measures the DHS has been recommending.

The free services provided by the private cyber-security sector could have been put to better use if they had been integrated into the recommendations that the DHS has been sending out already.

Instead, many of these offerings have been thrown at election officials via press releases and without any input from the DHS, leaving many officials confused about what they're supposed to do with them.

RELATED COVERAGE:

• Majority of county election websites in 20 key swing states use non-.gov domains
  
• FireEye links Russian research lab to Triton ICS malware attacks
• China has been 'hijacking the vital internet backbone of western countries'
• China tells Trump to switch to Huawei after NYT iPhone tapping report
• North Korea blamed for two cryptocurrency scams, five trading platform hacks
• Russian hacker pleads guilty to get-rich-quick botnet CNET
• Facebook removes more Iran-linked accounts, this time targeting the US & UK
  
• Microsoft Windows zero-day vulnerability disclosed through Twitter TechRepublic
• Hacker Guccifer, who exposed Clinton private email server, ready for US prison sentence