States Game Election Cyber Threats in Homeland Security Drills


• Simulations test private and public responses to hacking
• Colorado, Texas election officials participating in drills


The Department of Homeland Security is giving states, including Colorado and Texas, a chance to game out how they might respond to a cyberattack on election systems ahead of this year’s midterm vote.

The department is scheduled to begin its biennial “Cyber Storm” exercises on Tuesday, working with more than 1,000 “players” across the country, from state governments to manufacturers, to test how they would withstand a large-scale, coordinated cyberattack aimed at the U.S.’s critical infrastructure such as transportation systems and communications.

The program, running for the sixth time, involves three days of simulations. This year, amid continued threats of Russian interference in American elections, some states will see how prepared they are for hackers targeting their election systems in drills that don’t actually attempt to breach their computers.

The department has said Russia targeted the registration systems of 21 states in 2016, including Illinois, which said some of its voter information was extracted but not changed.

Two states participating in this year’s drills specifically requested exercises from Homeland Security testing their response to election-related cybersecurity risks, according to a department official, who asked not to be named because of the sensitivity of the subject.

While the department wouldn’t identify the states, officials in Texas and Colorado confirmed that their election officials were taking part.

In February, 40 state election officials gathered in a guarded Maryland office for a classified briefing on risks to their election systems, and Homeland Security has granted some of the election officials clearances to receive classified information from federal agencies.

Tailored Simulations

The Homeland Security official said the department expects to receive additional requests for election cyber exercises before the November election. Federal officials will tailor the simulations depending on a state’s election operations and technology assets, the official added.

Colorado’s state government is participating in Cyber Storm along with three counties, according to Trevor Timmons, chief information officer at the Colorado secretary of state’s office. The drills come as the state’s June 26 primaries approach.
“Colorado’s exercises will be looking at elections issues,” Timmons said in a phone interview. “We absolutely requested that.”

While teams work on the simulation in Denver this week, one Colorado official will sit with federal authorities and other states at the National Cybersecurity and Communications Integration Center outside Washington to develop the response, Timmons said.
“It’s kind of like a game,” he added.

Texas state election officials are also participating in the Cyber Storm simulations this week, according to Sam Taylor, a spokesman for the Texas secretary of state’s office, which oversees election technology in the state.

To contact the reporter on this story:
Nafeesa Syeed in Washington at nsyeed@bloomberg.net
To contact the editors responsible for this story:
Bill Faries at wfaries@bloomberg.net
Larry Liebert, John Harney