Adrian Johnson
TLDR:
- The CISA cybersecurity checklist provides standard preventive measures for election infrastructure.
- It covers basics such as MFA, segmenting, backups, and email protections.
CISA has released a new cybersecurity checklist aimed at election staff ahead of the 2024 presidential election. The checklist emphasizes the importance of basic cybersecurity practices for counties and localities with limited IT support. It highlights the need for multi-factor authentication (MFA), network segmentation, backups, and email protections. The checklist also addresses threats such as DDoS attacks, ransomware, and potential vulnerabilities in voting machines.
The checklist advises election officials to implement MFA for all accounts, enable DMARC, and provide updated training on phishing. It also recommends redirecting readers to existing resources for DDoS mitigation and emphasizes the importance of having a tested response plan for ransomware attacks. CISA offers free cyber hygiene vulnerability scanning and resources to support election infrastructure teams.
While there have been relatively quiet attempts on election infrastructure so far, the FBI and CISA warn of potential threats from state-backed hackers. The cybersecurity checklist serves as a reminder for election officials to ensure they have covered all defense measures. Although the advice is basic, it is crucial for those overseeing election infrastructure to implement these measures to protect against potential cyber threats.
