Colorado among states engaged in “Cyber Storm” exercises
The Department of Homeland Security is giving states, including Colorado and Texas, a chance to game out how they might respond to a cyberattack on election systems ahead of this year’s midterm vote.
The department began its biennial “Cyber Storm” exercises on Tuesday, working with more than 1,000 “players” across the country, including state governments and manufacturers, to test how they would withstand a largescale, coordinated cyberattack aimed at the U.S.’s critical infrastructure such as transportation systems and communications.
The program, running for the sixth time, involves three days of simulations. Seven states are taking part, according to Jeanette Manfra, assistant secretary of Homeland Security. This year, amid continued threats of Russian interference in American elections, some of those states will see how prepared they are for hackers targeting their election systems in drills that don’t actually attempt to breach their computers.
“We are making it as realistic as possible, and nation-state threats are our priority,” Manfra told reporters Tuesday at the Secret Service headquarters in Washington, where the simulation’s “control center” is located. “The cyber threats to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront.”
Manfra has said Russia targeted the registration systems of 21 states in 2016, including Illinois, which said some of its voter information was extracted but not changed. The department designated elections as critical infrastructure in January 2017, to allow states to tap into federal help.
Two states participating in this year’s drills specifically requested exercises from Homeland Security testing their response to electionrelated cybersecurity risks, according to a department official, who asked not to be identified because of the sensitivity of the subject.
While the department wouldn’t identify the states, officials in Texas and Colorado confirmed that their election officials were taking part.
In February, 40 state election officials gathered in a guarded Maryland office for a classified briefing on risks to their election systems, and Homeland Security has granted clearances to some of the election officials to receive classified information from federal agencies.
The Homeland Security official who asked not to be identified said the department expects to receive additional requests for election cyber exercises before the November election.
Colorado’s state government is participating in Cyber Storm along with three counties, according to Trevor Timmons, chief information officer at the Colorado secretary of state’s office. The drills come as the state’s June 26 primaries approach.
“Colorado’s exercises will be looking at elections issues,” Timmons said in a phone interview. “We absolutely requested that.”
While teams work on the simulation in Denver this week, a Colorado official will sit with federal authorities and other states at the National Cybersecurity and Communications Integration Center outside Washington to develop the response, Timmons said.
“It’s kind of like a game,” he said.
To add “realism” to this year’s drills, Manfra said the department created a closed portal that will simulate social media platforms and news sites, and where participants can create posts and interact with each other.
“This is a very important component,” Manfra said, because social media and news sometimes add “a new dimension to how we respond to cyber incidents, and we felt that it was very important for our players to learn how to navigate that as well as incorporate that into their processes.”