Feb 20, 2024 - Technology

GOP criticism of top cybersecurity agency could hurt election security

Illustration of a campaign button cracked in many pieces.

Illustration: Maura Losch/Axios

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) faces rising criticism from the GOP over how it's handling election security.

Why it matters: 2024 is already proving to be a difficult year for election security, with state-backed foreign disinformation and AI-fueled scams flooding voters.

  • CISA is a go-to source for fact-checking election information and preparing state and local election officials to address such obstacles.

What's happening: A mix of GOP lawmaker vitriol and Republican-led court challenges has discouraged experts outside of government from collaborating with CISA and other agencies leading up to the 2024 elections.

  • A lawsuit last year sent ripples through the federal government as judges bounced between blocking and unblocking communications between the Biden administration and social media companies.
  • Growing conservative criticism has also driven away some participants in CISA's mainstay cyber threat intelligence-sharing platform, according to Politico.

Driving the news: DHS Secretary Alejandro Mayorkas became the first cabinet secretary to be impeached since 1876 last week.

  • As a DHS agency, CISA gets questions about the department's budget and personnel appointments.
  • The impeachment vote is just the latest example of the rising tensions between DHS and Republican leaders.

Of note: CISA's leadership has faced physical threats as the 2024 election cycle begins.

  • Last month, CISA director Jen Easterly was the target of a swatting incident at her home, as The Record reported.
  • CISA released a guide for election officials Wednesday on handling mail safely and identifying any hazardous materials snuck into packages.

What they're saying: ""It requires an incredibly thoughtful and careful approach," Suzanne Spaulding, a former DHS undersecretary who led the agency that later became CISA, told Axios.

  • "What worries me is that the conversations that we need to be having — about what is that thoughtful approach that's consistent with our values and the Constitution and laws — even those conversations are being chilled," Spaulding said.

The big picture: Typically, CISA has operated as a clearinghouse between state and local election officials and election disinformation researchers tracking falsehoods.

  • Officials don't have enough time, energy or personnel to call Facebook or X, formerly known as Twitter, when they see a conspiracy theory floating online, Kim Wyman, former senior election security adviser at CISA, told Axios.
  • But CISA has the operational powers and foundation in place to talk with companies and disinformation researchers about what they're seeing and relay that back to officials.

Yes, but: Even that work — which is done with legal counsel to ensure freedom of speech isn't violated — has come under intense scrutiny in past elections.

  • Most recently, former President Donald Trump famously fired the first CISA leader, Chris Krebs, through a post on X after Krebs accurately stated online that the 2020 election wasn't rigged.

Meanwhile, social media is likely to be the biggest source for election disinformation this year, and election researchers have said that CISA, the FBI and other agencies have either slowed or completely halted their outreach.

Between the lines: Before the lawsuit, Wyman and her team still worked diligently with CISA's attorneys to check any flagged election mis- and disinformation for privacy concerns and First Amendment concerns.

  • "What happened from my vantage point was just a hyper-awareness of how things could be perceived and taken and then certainly, how [any action] might be viewed in court," Wyman said.
  • The agency also started focusing more on physical election security and cybersecurity. "It was really getting down to the foundational things," she added.

The intrigue: So far in 2024, CISA has balanced building out its election resources before November while being transparent.

  • Easterly and other cyber leaders said during an unrelated congressional hearing last month that the 2024 election will be the "most secure" election to-date — in part because of the work that CISA, other agencies and election officials have been doing.
  • This month, CISA released its new #Protect2024 website, which provides resources for state and local election officials defending against hacking threats.
  • The agency welcomed 10 election security advisers to CISA's 10 regional offices last week.
  • "CISA should continue to lean into transparency," Brandon Pugh, policy director and senior fellow for cybersecurity at the R Street Institute, told Axios. "Regardless of people's thoughts on CISA, you cannot dispute that they are one of the most accessible and public federal agencies."

CISA senior adviser Cait Conley told Axios in a statement that the agency's election security efforts are "stronger than ever."

  • "We remain engaged with election officials in all 50 states to ensure they have the support they need to run safe and secure elections," Conley said. "Election infrastructure security is not a political matter, and partisan politics will not impact our ability to do our work."

The bottom line: Partisan attacks are already scaring social media companies and election information researchers away from working publicly with the agency.

  • One researcher declined to talk with Axios, citing fears of online threats.
Go deeper