The Federal Bureau of Investigation will now notify state officials when a local election has been hit by hackers, a course reversal from a prior closed door policy not to extend notification beyond victims of cyber attacks.
A protracted wave of criticism from lawmakers and election officials concerning what they viewed was the agency’s constricted notification policy prompted the rethink, the Wall Street Journal reported. Political influences, notwithstanding the agency’s public posture to be unaffected by such things, must have played a part in the decision, with the 2020 election cycle already in high gear and the regrettable history of the 2016 Russian election interference in cemented memory.
No matter, the FBI is now in lock step with security defenders public and private worldwide, who in consensus have made it clear that the sharing of breach information among us all benefits us all. It’s good to see such enlightened reasoning making its way into the nation’s final-say law enforcement office. The new policy prioritizes working with other federal agencies, including the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), to inform state and local election officials and other appropriate election stakeholders of an exploited hole in the wall.
“Understanding that mitigation of such incidents often hinges on timely notification, the FBI has established a new internal policy outlining how the FBI will notify state and local officials responsible for administering election infrastructure of cyber activity targeting their infrastructure,” the agency said in announcing the notification policy. “The FBI’s new policy recognizes the necessity of notifying responsible state and local officials of credible cyber threats to election infrastructure,” the agency said. “The FBI’s interactions regarding election security matters must respect both state and local authorities. Thus, the FBI’s new policy mandates the notification of a chief state election official and local election officials of cyber threats to local election infrastructure.”
An expanded notification isn’t the only base the FBI intends to touch. Other milestones include:
- Provide updated and additional guidance on the timely dissemination of notifications and/or threat reporting.
- Protect victim information and disclosures.
- Coordinate between the FBI and other agencies in regard to election security for maximum impact.
Still, in a bit of a walk-back the FBI reminded us that “decisions surrounding notification continue to be dependent on the nature and breadth of an incident and the nature of the infrastructure impacted.”