Election Security Spotlight - EI-ISAC: Who We Are, What We Do

What it is

The Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®) is part of the Center for Internet Security® (CIS®) and receives Congressional funding through Cybersecurity & Infrastructure Security Agency (CISA). We are a community of election officials and information technology (IT) professionals dedicated to improving the cybersecurity posture of election offices among U.S. State, Local, Tribal, and Territorial (SLTT) governments. Our staff is comprised of former election officials and cybersecurity professionals, so we understand the challenges that election officials face daily and the solutions that can help alleviate those challenges. Our membership base includes election offices, the IT professionals supporting them, associations, and election technology providers. The EI-ISAC provides no-cost cybersecurity solutions, along with other various resources, to improve the cybersecurity posture of U.S. SLTT election offices.

Why it matters

Election officials must protect critical election infrastructure from cyber attacks on a daily basis. The EI-ISAC staff aims to help members (and potential members) understand the importance of adopting cybersecurity protections and how these protections counteract current cybersecurity threats. To support this goal, the EI-ISAC recommends that election offices implement layers of protection. 

A few of the no-cost cybersecurity solutions that the EI-ISAC provides include:

  • Endpoint Detection and Response (EDR): EDR consists of device-level protection and incident response technology that both blocks malicious activity and can stop an attack in its tracks. This solution protects desktop computers, laptops, and servers.
  • Malicious Domain Blocking and Reporting (MDBR): MDBR prevents IT systems from connecting to known malicious websites, which helps limit infections related to malware, ransomware, phishing, and other cyber threats.
  • Email Protection Service (EPS): EPS increases the security of your email systems by screening incoming email communications. It blocks known malware and spam messages before it reaches an employee’s inbox, thus protecting your email systems against phishing and other threats.
  • CIS Security Operations Center (SOC): The experienced experts of the 24x7x365 CIS SOC  provide threat intelligence and analysis, detection, and incident response assistance to your team. The CIS SOC is available via email or phone call.

Other resources the EI-ISAC provides include:

  • The Essential Guide to Election Security: This one-stop resource, catered to election officials, delivers insights about best practices in election security. 
  • Election Technology Procurement Guide: This guide identifies a set of best practices for IT procurements in elections.
  • Election-Specific Threat Reports: These reports feature timely and actionable threat intelligence, along with recommendations, to help election offices better protect themselves.
  • Election Security Spotlight: Each month, we publish a brief article in plain language that breaks down a timely topic by explaining what it is, why it matters, and what you can do.
  • Homeland Security Information Network (HSIN) Situation Room (SitRoom): The SitRoom is a virtual room that provides election officials with a space to share what they are seeing in the field with other election officials, the EI-ISAC, and our federal partners. It is open on Election Day for any statewide primary and general election.

Finally, if your county or municipality has little or no cybersecurity protections in place and has no resources (funding or IT staffing) to increase its cyber posture, please inquire about our Cyber Underserved Program. The EI-ISAC can potentially provide additional cybersecurity protections if your jurisdiction qualifies.

What you can do

The EI-ISAC wants to engage with our members and help increase the cybersecurity posture of all U.S. SLTT election offices. Help us help you! To do this:

  • Keep the contact information on your EI-ISAC account up to date. If you get new staff members, experience staff turnover, or update your email domain, contact your account manager or send an email to [email protected] so that we can adjust your account accordingly.
  • Schedule a Security Checkup with your account manager. This is a brief, 30-minute meeting providing you with the opportunity to review your account, hear information about the EI-ISAC’s no-cost cybersecurity solutions, and get answers to questions you may have. If you are not in contact with your account manager, email [email protected], and your account manager will reach out to you.
  • Connect us with your trusted IT professionals. We know that election officials are not always the decision makers when it comes to technology/cybersecurity measures, and that’s okay! We are happy to talk to your trusted IT professionals, whether it be your state, county, or municipal IT department or a third-party IT vendor, to boost the cybersecurity posture of your election office.

Please contact us at [email protected] if you have any questions.