Stakeholders Emphasize Importance of CISA Regional Engagements to Future Election Security Work

The Cybersecurity and Infrastructure Security Agency has a key role to play in the election “off-season” to help state and local officials safeguard their systems against emerging threats in advance of upcoming races in 2025 and 2026, according to former elections lead Kim Wyman.

The ramp-up to the next election cycle offers an opportunity for state and local officials to leverage “a natural partnership with CISA to have protective security advisors who are walking through facilities and giving things to think about in terms of securing them and what's going to be a best practice from a security standpoint, and the same on the cyber side,” Wyman told Inside Cybersecurity.

Wyman served as CISA’s senior election security advisor during the 2022 midterm elections and previously was the Washington Secretary of State. Wyman is currently a senior fellow at the Bipartisan Policy Center.

Kim Wyman, Senior Fellow, Bipartisan Policy Center

“Election officials are really looking at their incident response and comms plans, certainly evaluating how effective they were in 2024,” Wyman said. “That’s a space where it's just natural for CISA to be helping with those to develop and fine-tune them.”

Wyman emphasized the impact of CISA’s regional election security advisors. She said, “CISA really helped local officials plan well, and people became more aware of their presence and their services because of that.”

Marci Andino, vice president of the Elections Infrastructure Information Sharing and Analysis Center, explained that CISA “added 10 election security advisors” to serve as “boots on the ground” at the regional level in the lead-up to the 2024 elections.

She said the EI-ISAC team worked “really closely” with the regional advisors, noting that they “helped be able to get not just our message, but also the CISA message out to local election officials.”

Andino said officials at the state and local levels would suffer a “real loss” if CISA’s regional election security efforts are not funded “at an adequate level” for future elections.

Securing campaigns

Michael Kaiser, president and CEO of the nonprofit Defending Digital Campaigns, highlighted ongoing work to prepare for upcoming elections. He said, “The off-season is not as ‘off’ as people think it is.”

DDC provides free cyber expertise and services, including multifactor authentication and strategic cyber planning, to political parties and individual campaigns. Kaiser noted the nonprofit’s efforts headed into 2025 will particularly focus on gubernatorial elections in Georgia, Ohio, Michigan and Virginia, as well as congressional campaigns in the early stages of preparing for midterms.

The GOP’s “slim” margin in the next Congress, according to Kaiser, means that “campaigns are already putting in work to secure seats beyond 2026.

Kaiser told Inside Cybersecurity, “Looking ahead toward 2025 and 2026, we’re going to see a pretty substantial amount of cyber activity in the political sector.”

Although the races may seem far away, Kaiser noted campaign assets and systems need to be secured in advance.

Campaigns are not running “at the scale you’re going to see two months prior to Election Day,” Kaiser explained, but “there’s fundraising happening, they have infrastructure that's in place that could be vulnerable, [and] they’re sending emails.” Competitive fundraising leads to increased risk, Kaiser said, as malicious cyber actors may seek a potential payout.

For these reasons, Andino said the election infrastructure community will not rest on its laurels following the 2024 election. She said, “As soon as one election ends, they start planning for the next general and everything in between.”

Kaiser pointed to supply chain risk as an area of focus for DDC’s work with political campaigns. He said, “The amount of activity that happens in third parties in the campaign space is tremendous – fundraising, data crunching, processing of door-knocking data – a tremendous amount of that doesn’t happen in the campaign anymore. It happens through vendors.”

The vendor community “was targeted pretty strongly” in 2024, according to Kaiser. The DDC executive said, “That all makes sense. If you want to compromise campaigns, you go to a vendor that has many campaigns under their umbrella, and if you compromise them you could compromise many all at once.”

Campaigns were targeted by multiple nation-state actors in the 2024 election cycle.

The Trump campaign, for example, was targeted by Iranian actors through a hack-and-leak operation that was confirmed by the intelligence community in August.

The China-backed Salt Typhoon threat group also hacked mobile devices used by President-elect Trump, Vice President-elect JD Vance and staff members of Vice President Kamala Harris’s campaign, according to media reports in October.

Wyman noted that political campaigns qualify for free services from CISA and are key players in the election community.

Even though campaigns are “political entities,” Wyman emphasized that their operations have “an effect on the election.” She added, “It has an effect on people's confidence in the election system and, ultimately, people’s confidence in who's elected.”

Future CISA operations

The future of CISA’s election-focused operations may be in peril with Senate Homeland Security ranking member Rand Paul (R-KY) expected to chair the committee in the next Congress. Paul expressed concerns to Inside Cybersecurity in November over CISA’s engagement with social media companies in election security work, citing issues of free speech and censorship online.

Wyman said the federal government “has to be really careful that you’re not trampling on that protected right” of free speech.

Amid tensions regarding CISA’s work with social media companies, Wyman pointed to an “evolution” of efforts to combat foreign influence “over the last four years.” She said CISA and the intelligence community have come to the “realization that the government’s role is to put the information out that is true, correct and factual.”

The former CISA official argued that the intelligence community’s rapid attribution of threats in the 2024 election cycle was a success. On foreign influence operations, she said, “The sooner that you can attribute where it comes from and be able to say, ‘This is actually Iran,’ or ‘This is a website in Russia,’ it changes the way people are going to accept that information.”