DHS-funded nonprofit censoring election info also provides cybersecurity to election offices

The Center for Internet Security filed 16% of tickets to Election Integrity Partnership analysts during the 2020 election "to flag incidents or emerging narratives to be assessed" and ask for action from Big Tech, according to the partnership's after-action report. 

Published: March 3, 2023 9:59pm

Updated: March 6, 2023 3:19am

The Center for Internet Security (CIS), which has participated in censorship of purported election "misinformation," has provided ambiguous "cybersecurity services" free of charge to various elections offices in counties across the U.S. in collaboration with other left-wing nonprofits, the Department of Homeland Security, and the cybersecurity company CrowdStrike.

CIS participated in censorship during both the 2020 and 2022 elections through its Elections Infrastructure Information Sharing & Analysis Center (EI-ISAC). EI-ISAC "works closely with election officials and security and technology personnel to provide the highest standards of election security, including incident response and remediation through our team of cyber experts," the CIS website reads.

"Our 24x7x365 Security Operations Center (SOC) monitors, analyzes, and responds to cyber incidents targeting election offices and government entities," the explanation continues. "We develop and share best practices for securing election infrastructure, incorporating security into election technology procurements, and helping manage election supply chain risks."

According to an election after-action report by the Election Integrity Partnership (EIP), a private consortium that played a major role in censoring social media content during the 2020 election, EI-ISAC was a key node in its reporting chain. "EI-ISAC served as a singular conduit for election officials to report false or misleading information to platforms," according to the EIP report. "By serving as a one-stop reporting interface, the EI-ISAC allowed election officials to focus on detecting and countering election misinformation while CIS and its partners reported content to the proper social media platforms."

CIS filed 16% of tickets to Election Integrity Partnership analysts during the 2020 election "to flag incidents or emerging narratives to be assessed" and ask for action from Big Tech, according to the partnership's after-action report. Most of those CIS tickets, according to the report, "originated from election officials." Several of the CIS tickets involved Arizona's "Sharpiegate," with those posts being "possibly labeled or demonetized," according to an October 2022 EIP statement

In 2022, CIS forwarded an email to Twitter from then-Arizona Secretary of State Katie Hobbs' office regarding a Twitter account that was flagged for review over two tweets. "Both Tweets have been removed from the service," Twitter replied in an email copied to the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA).

CIS provides "cybersecurity services" and "Endpoint Detection & Response services" (EDR) to county election offices. The cybersecurity services are "Combined Netflow and intrusion detection system monitoring and analysis of related data, and delivery and management of associated devices, hardware and software necessary for delivery of [cybersecurity services]. Also referred to as Albert monitoring services."

EDR services include: "1. Deployment and maintenance of an EDR software agent on [the county's] identified endpoint devices, which will (a) block malicious activity at a device level if agreed to by the [county]; (b) remotely isolate compromised systems after coordination with the [county]; (c) identify threats on premise, in the cloud, or on remote systems; (d) inspect network traffic in a decrypted state on the endpoint for the limited purpose of identifying malicious activity; and (e) identify and remediate malware infections.

"2. Centralized management of EDR data to allow system administration, event analysis and reporting by CIS [Security Operation Center]. Additionally, [the county] will be able to interact with its own EDR data through the management system."

In memorandums of agreement, Lancaster County, Neb., and Hoke County, N.C., agreed to accept the EDR services from the nonprofit, while the Texas counties of Denton and Dallas accepted the cybersecurity services. The signing dates for the agreements range from 2018 to 2020.

CIS provided these services through its Multi-State Information Sharing and Analysis Center (MS-ISAC) and EI-ISAC.

MS-ISAC is "a trusted cybersecurity partner for 13,000+ U.S. State, Local, Tribal, and Territorial (SLTT) government organizations," according to the CIS website. The center "offer[s] members incident response and remediation support through our team of security experts and develop[s] tactical, strategic, and operational intelligence, and advisories that offer actionable information for improving cyber maturity."

The memorandums of agreement all mention that the counties must inform "its employees, contractors and other authorized internal network users" that they "have no reasonable expectation of privacy regarding communications or data transiting, stored on or traveling to or from [county's] information system; and [a]ny communications or data transiting, stored on or traveling to or from the [county's] information system may be monitored, disclosed or used for any lawful government purpose."

The memos for the counties accepting cybersecurity services say that "CIS will be responsible for the correct functioning of managed devices," and "shall be responsible for the purchase of certain hardware, and shall arrange for the shipping of such hardware to a location designated by [the county]."

The memos for the counties accepting EDR services say that CIS will purchase "a commercial EDR capability provided by a third party provider" and "be responsible for the deployment, management and monitoring of the EDR Services to [county's] identified endpoint devices."

None of the memos explain what these services are specifically for as they relate to the counties' elections.

In the memorandums of agreement for Lancaster and Hoke counties, the cybersecurity company CrowdStrike is mentioned as a third party provider licensed by CIS.

CrowdStrike was mentioned by then-President Donald Trump on the July 2019 phone call with Ukrainian President Volodymyr Zelensky that was central to the first impeachment, RealClearInvestigations reported. The company was also hired by the Democratic National Committee in 2016 to investigate the hacking of its servers, which was an issue related to the Trump-Russia probe.

CrowdStrike provided the FBI with images of the servers but not direct access to the servers. The company's president, Shawn Henry, initially claimed that Russia had exfiltrated data from the DNC, then later admitted in congressional testimony, "We do not have concrete evidence that data was exfiltrated from the DNC, but we have indicators that it was exfiltrated."

In November 2021, CrowdStrike announced that it was partnering with CIS on providing services to state and county governments, specifically for MS-ISAC. It had previously worked with CIS on EI-ISAC.

CrowdStrike's webpage on election security links to an outdated webpage for the CISA "Cybersecurity Toolkit and Resources to Protect Elections," CIS' webpage on EI-ISAC, and the Global Cyber Alliance's Election Toolkit.

Global Cyber Alliance has the same address as CIS. The advisory group for Global Cyber Alliance includes employees from CISA and liberal groups such as the Mark Zuckerberg-funded Center for Tech and Civic Life, Brennan Center for Justice at NYU School of Law, Facebook, and the Center for Election Innovation and Research.

CIS' IRS Form 990 from 2020 also mentions a program by the Democracy Fund, a significant bankroller of left-wing groups and causes, which "provides security focused tools and guidance for election officials and election technology providers."

Phill Kline, director of election integrity watchdog The Amistad Project, told Just the News on Sunday, "The problem with all of this is lack of transparency," adding that there's a "concern about who to rely on for information."

Deputy Director of the Election Integrity Network Ned Jones, told Just the News on Friday that his question about the CIS involvement with county elections is, "Why would the government contract with a nonprofit like CIS when we have CISA that could do the same thing?"

The counties didn't respond to requests for comment. CrowdStrike has yet to provide a comment regarding the memos of agreement with the counties of Lancaster and Hoke, but the company provided a link to a press release from CIS about its expanded partnership with the cybersecurity company.

On Tuesday, CIS referred Just the News to its website pages for the MS-ISAC, EI-ISAC and Endpoint Security Services (ESS) and said to check with states and counties for agreements and with CISA for the nonprofit's relationship with the federal agency.

A CISA spokesperson told Just the News on Wednesday, "Pursuant to direction from Congress, the Department has a cooperative agreement with the Center for Internet Security to provide cybersecurity services to state, local, tribal and territorial governments."

MS-ISAC and EI-ISAC "provide no-cost services to secure U.S. election infrastructure," according to CISA's cybersecurity toolkit. "MS-ISAC is the trusted resource for cyber threat prevention, protection, response, and recovery for U.S. State, Local, Tribal, and Territorial government entities, and the EI-ISAC supports the rapidly changing cybersecurity needs of U.S. elections offices."

Unlock unlimited access

  • No Ads Within Stories
  • No Autoplay Videos
  • VIP access to exclusive Just the News newsmaker events hosted by John Solomon and his team.
  • Support the investigative reporting and honest news presentation you've come to enjoy from Just the News.
  • Just the News Spotlight

    Support Just the News