Included in EI-ISAC Membership
Information Sharing, Cybersecurity Awareness, and Education
Through Homeland Security Information Network (HSIN), EI-ISAC members can access a library of cybersecurity resources. This portal also provides contact information and allows for secure email and document sharing.
By working with EI-ISAC members and other cybersecurity partners around the country, EI-ISAC also provides:
- Monthly Executive-level Advisory Summaries – Summary of critical vulnerabilities identified in the previous month, along with recommendations for how executives should coordinate patching with their IT staff.
- Weekly News Alert – A non-technical publication that provides news summaries and commentary on items of interest to the elections community.
- Cybersecurity Spotlight – A short non-technical explanation of a common cybersecurity term or practice, and its application to elections infrastructure.
- Quarterly Threat Report – A summary of event-related data that may be of interest to elections officials, derived from the EI-ISAC’s network monitoring services, information reported by trusted partners, information gathered from open sources, and incidents responded to by the EI-ISAC. This report is intended to provide situational awareness of the elections community cyber risk landscape and should be used to assist election officials and their IT staff in their own analysis of the active information security threats facing their organizations.
A Handbook for Elections Infrastructure Security
Through a best practices approach, we aim to help organizations involved in elections better understand what to focus on, know how to prioritize and parse the enormous amount of guidance available on protecting IT-related systems, and engage in additional collaboration to address common threats to this critical aspect of democracy. Download or view the handbook.
Threat Notification
EI-ISAC analysts work with trusted affiliates to conduct research and gather intelligence about cyber threats (such as website defacements) targeting elections or elections-affiliated systems. Notices are sent to impacted EI-ISAC members based on predetermined escalation procedures. The EI-ISAC also provides recommended remediation steps and technical assistance.
For elections entities experiencing a targeted cyber threat (see “Threat Notification” above), the EI-ISAC provides a free network and web application vulnerability assessment. These assessments include a manual analysis and verification of vulnerabilities discovered, prioritized remediation steps, customized reporting, and remediation support.
Experiencing a cybersecurity incident? Even if your elections organization is not yet part of the EI-ISAC, you can reach out to us for help. Learn more about our incident response services.
The Incident Response Checklist can help you learn how to identify, respond to, and communicate information about a breach. Download the checklist.
Malicious Code Analysis Platform (MCAP)
MCAP is a web-based service that allows members to submit suspicious files, including executables, DLLs, documents, quarantine files, and archives, for analysis in a controlled and non-public fashion. MCAP also enables users to perform threat analysis based on domain, IP address, URL, hash, and various IOCs.
MCAP users can obtain the analysis results, behavioral characteristics, and additional detailed information, allowing them to remediate the incident in a timely manner. This communication with our members provides the EI-ISAC with the situational awareness needed to assess the malware threat characteristics facing our SLTT government entities on a national level.
Vulnerability Management Program (VMP)
VMP notifies members on a monthly basis about any outdated software that could pose a threat to assets. A scripted GET request is sent to over 30,000 SLTT domains that the EI-ISAC maintains, to pull data on versioning information related to each domain.
To alert members to outdated software, the EI-ISAC collects server type and version (IIS, Apache, Nginx, etc.), web programming language and version (PHP, ASP, etc.), and content management system and version (WordPress, Joomla, Drupal, etc.).
Following the analysis and review of the information returned, data will be broken out into two categories: vulnerable and not vulnerable systems. If the system is located in the ‘vulnerable’ file, an associated portion of that system is not up to date. Conversely, if the system is located in the ‘not vulnerable’ file, the system’s patch level is up to date. Systems identified as vulnerable include the CVE score and a link to the CVE.
Members should use this monthly notification to conduct further internal analysis to ensure that Internet-facing systems are patched and running the most up-to-date software.
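As an aid to that internal analysis, the following Python example (added here; it is not the EI-ISAC's tooling) extracts the same three kinds of version information from a response, the Server header, the X-Powered-By header, and the CMS generator tag, and sorts each disclosed product against a minimum-version baseline. The hostnames, responses, and baseline versions are constructed for illustration; a product that leaks its name without a usable version is reported separately.

```python
import re

# Constructed sample responses (not real scan data); hostnames use the reserved .example TLD.
SAMPLES = {
    "clerk.county.example": ({"Server": "Apache/2.4.29 (Ubuntu)", "X-Powered-By": "PHP/7.2.24"},
                             '<meta name="generator" content="WordPress 5.8.1" />'),
    "vote.city.example": ({"Server": "nginx/1.24.0"},
                          '<meta name="generator" content="Drupal 10" />'),
    "results.town.example": ({"Server": "Microsoft-IIS"}, "<html></html>"),
}

# Hypothetical minimum versions: replace with the floor set by your own patch policy.
BASELINE = {"apache": (2, 4, 58), "nginx": (1, 24, 0), "php": (8, 1, 0),
            "wordpress": (6, 4, 0), "drupal": (10, 0, 0)}

PRODUCT = re.compile(r"([A-Za-z][A-Za-z-]*)(?:[/ ]v?(\d+(?:\.\d+)*))?")
GENERATOR = re.compile(r'<meta\s+name=["\']generator["\']\s+content=["\']([^"\']+)', re.I)

def fingerprint(headers, body):
    """Return {product: version tuple or None} disclosed by one HTTP response."""
    sources = [headers.get("Server", ""), headers.get("X-Powered-By", "")]
    meta = GENERATOR.search(body)
    if meta:
        sources.append(meta.group(1))
    found = {}
    for text in sources:
        m = PRODUCT.match(text.strip())
        if m:
            version = m.group(2)
            found[m.group(1).lower()] = tuple(map(int, version.split("."))) if version else None
    return found

def classify(found, baseline=BASELINE):
    """Sort disclosed products into outdated, current, or unversioned."""
    report = {"outdated": [], "current": [], "unversioned": []}
    for product, version in sorted(found.items()):
        floor = baseline.get(product)
        if version is None or floor is None:
            report["unversioned"].append(product)  # name leaked, nothing to compare
        elif version < floor[:len(version)]:  # compare only at the disclosed precision
            report["outdated"].append(product)
        else:
            report["current"].append(product)
    return report

def audit(samples=SAMPLES):
    """Classify every sample response, keyed by hostname."""
    return {host: classify(fingerprint(*resp)) for host, resp in samples.items()}

if __name__ == "__main__":
    for host, report in audit().items():
        print(host, report)
```

A version disclosed only as a major number, such as "Drupal 10", is compared at that precision, so it is not flagged unless the major version itself is below the baseline.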
In addition to domain profiling, the EI-ISAC also performs IP address port profiling. The EI-ISAC Port Profiling Tool connects to SLTT public IP addresses provided by our EI-ISAC members. Each IP address profiled receives a small number of packets on a selection of commonly used ports. The data obtained during this process is the same information that could be collected by anyone on the public Internet and is often used by attackers for reconnaissance purposes prior to an attack. Our intent is for members to utilize this information as a reminder to keep Internet-facing systems up to date and securely configured.
For questions regarding the IPs and domains that the EI-ISAC has on file for your organization, please contact the EI-ISAC. Domain and IP listings can be edited at any point in time during your membership.
Malicious Domain Blocking and Reporting (MDBR)
The Malicious Domain Blocking and Reporting (MDBR) service is offered to EI-ISAC members in partnership with the Cybersecurity and Infrastructure Security Agency (CISA) and Akamai. This service provides an additional layer of cybersecurity protection that is proven, effective, and easy to deploy. MDBR technology prevents IT systems from connecting to harmful web domains, helping limit infections related to known malware, ransomware, phishing, and other cyber threats. This capability can block the vast majority of ransomware infections just by preventing the initial outreach to a ransomware delivery domain.
On behalf of our EI-ISAC members, CIS coordinates a variety of DHS programs and initiatives:
- Nationwide Cyber Security Review (NCSR), an annual survey that helps SLTTs analyze their cybersecurity posture
- Cyber Resiliency Review, FedVTE, NCATS, Stop.Think.Connect, and more via US-CERT
CIS SecureSuite Membership
CIS SecureSuite Membership gives organizations around the world access to a collection of integrated cybersecurity resources such as CIS-CAT Pro Assessor, remediation content, and CIS-CAT Pro Dashboard. All of these tools help users evaluate and apply secure configuration settings to laptops, servers, network devices, and more. CIS SecureSuite Membership is free for U.S. SLTT organizations.
Additional Services (fee-based)
Network Security Monitoring (Albert)
One of our most popular services is the network monitoring solution known as Albert. Albert consists of an IDS sensor that gathers network data and sends it to the EI-ISAC for analysis.
EI-ISAC members are welcome to purchase a variety of consulting services, including:
- Infrastructure architecture review
- Internal systems assessment
- Social engineering (phishing exercises)
- Network penetration testing
- Web application penetration testing
Each of these consulting services can be customized by the purchasing organization. Services provided are based on a statement of work.
EI-ISAC members can purchase assessment services, with both network and web application components, to identify critical system vulnerabilities. These assessments include a manual analysis and verification of vulnerabilities discovered, prioritized remediation steps, customized reporting, and remediation support. Vulnerability assessments can be scheduled on a monthly, quarterly, or yearly basis. Payment Card Industry (PCI) compliance scanning is also available. (Free if targeted by a cyber threat.)
Managed Security Services (MSS)
Managed Security Services (MSS) provide 24/7 monitoring, event analysis, and notifications for multiple security devices, including:
- IDS (Intrusion Detection System) / IPS (Intrusion Prevention System)
- Web proxies
- Switches/Routers