DHS prioritizes restart of election security programs post-shutdown

(CNN) Since the shutdown ended, the Department of Homeland Security has prioritized the resumption of its election security programs, some of which were forced to go on hiatus during the lapse in government funding, according to Cybersecurity and Infrastructure Security Agency Director Chris Krebs.

"Coming out of the shutdown, anything that had paused on election security-related activities was put on the top of the priority list for restart," he said.
Krebs told CNN that if there was an active threat during the shutdown, the department was able to respond by conducting assessments and hunting down the threat.
"What paused was the more routine vulnerability assessments," he said. Those included a "couple of the election security-related" assessments run by the department, specifically focused on state networks.
During the shutdown, the agency said in a statement that it had "ceased a variety of critical cybersecurity and infrastructure protection capabilities," but no specific details were provided.
Despite fear among cyber experts that the shutdown was a ripe time to target the government's networks, Krebs said he wasn't aware of an uptick of attacks directed at the federal system.
"I don't believe we detected any appreciable uptick," he said.
Amid the shutdown, the Cybersecurity and Infrastructure Security Agency issued an emergency directive on Jan. 22 for federal agencies to take immediate steps to protect themselves from ongoing "hijacking and tampering" cybersecurity incidents aimed at Domain Name System records, like ".gov" and ".com."
According to Krebs, although there were a "couple outliers," the bulk of federal agencies have been able to comply with the department's first-ever emergency directive.
"Across the board ... we've been satisfied with the response, in responding and implementing the measures," said Krebs.
One of the outliers was an agency that had outsourced some of its web services, and it turned out that the contractor doesn't have the ability to implement multi-factor authentication -- a requirement of the directive.
"We are working with them on their future road map plans for shifting the service," said Krebs.
The directive also required agencies to update passwords and monitor logs within 10 business days.
The deadline to comply was this week.
"(W)hether it's a .gov -- there are limited cases of .coms and .orgs across the federal government -- it's the agency's responsibility to ensure that those domains are appropriately protected," said Krebs.
The Cybersecurity and Infrastructure Security Agency, overseen by DHS, is the lead agency tasked with protecting the networks of more than 98 civilian federal agencies, from the very large to the tiny.
Krebs said there was a "sense of urgency that we needed to act" on the directive given the shutdown, but the timing of the attacks wasn't related to the lapse in government funding.