CISA & EAC Develop Risk Profile Tool for Election Officials


WASHINGTON – Today, the Cybersecurity and Infrastructure Security Agency (CISA), in partnership with the Election Assistance Commission (EAC), released the Election Risk Profile Tool, a user-friendly assessment tool to equip election officials and federal agencies in prioritizing and managing cybersecurity risks to the Election Infrastructure Subsector.  

The new tool is designed to help state and local election officials understand the range of risks they face and how to prioritize mitigation efforts. It also addresses areas of greatest risk, ensures technical cybersecurity assessments and services are meeting critical needs, and provides a sound analytic foundation for managing election security risk with partners at the federal, state and local level.  

“There is no question the security of our election systems has vastly improved, thanks in large part to our election officials’ capability to understand where the risks lie in their systems and determine the most effective way to manage those risks,” said CISA Director Christopher Krebs. “Together with our partners at the EAC, we are constantly looking for ways to make the process of mapping out these risks easier and widely available for all of our partners. This is yet another tool to help support election officials to protect the 2020 elections and beyond.”

“The EAC has worked to expand our cybersecurity resources for election officials and the Risk Profile Tool serves as an important security enhancement for network protection,” said EAC Chairman Ben Hovland. “As federal partners, CISA and the EAC are committed to providing useful tools to assist election officials as they run secure, accessible and accurate elections.” 

The Election Risk Profile Tool:

  • Is a user-friendly assessment tool for state and local election officials to develop a high-level risk profile across a jurisdiction’s specific infrastructure components;
  • Provides election officials a method to gain insights into their cybersecurity risk and prioritize mitigations;
  • Accepts inputs of a jurisdiction’s specific election infrastructure configuration; and
  • Outputs a tailored risk profile for jurisdictions, which identifies specific areas of highest risk and recommends associated mitigation measures that the jurisdiction could implement to address the risk areas.

This tool is funded through CISA’s National Risk Management Center’s Tech Transfer, which allows Federal investments to be used by partners to implement risk management programs. The tool is available on the EAC website. CISA’s election security tools and resources can be found on at www.cisa.gov/protect2020. The EAC’s resources including Election Security Preparedness resources can be found at www.eac.gov/election-officials/election-security-preparedness.

 

###

Last Published Date: September 2, 2020