Originating Organization: United States/Department of Homeland Security/Cybersecurity and Infrastructure Security Agency

    (U//FOUO) CISA Report: Continuity of the Economy Response

    The key finding of the COTE response is that, broadly, COTE plan requirements included in the FY 2021 NDAA are addressed through existing authorities, policies, plans, and frameworks. Creation of a COTE plan with a singular economic focus, coupled with new response frameworks, has the potential to create confusion and duplicate existing response and recovery mechanisms. However, the fundamentally important concept of economic recovery and response detailed in the COTE requirement should be deeply integrated within existing incident response frameworks to avoid creating an additional layer of potentially divergent planning and response activities operating in parallel to already established procedures. In lieu of developing a standalone COTE plan, the federal government should continue to refine and strengthen existing authorities, policies, plans, and frameworks for Federal Mission Resilience and domestic incident preparedness, response, and recovery. This COTE response provides several specific recommendations for how the federal government can continue to enhance the ability to maintain and restore the U.S. economy in response to a significant event.

    Cybersecurity and Infrastructure Security Agency Mail-In Voting in 2020 Infrastructure Risk Assessment

    All forms of voting – in this case mail-in voting – bring a variety of cyber and infrastructure risks. Risks to mail-in voting can be managed through various policies, procedures, and controls.
    The outbound and inbound processing of mail-in ballots introduces additional infrastructure and technology, which increases the potential scalability of cyber attacks. Implementation of mail-in voting infrastructure and processes within a compressed timeline may also introduce new risk. To address this risk, election officials should focus on cyber risk management activities, including access controls and authentication best practices when implementing expanded mail-in voting.