Homeland Security “hunts” at Colorado Secretary of State’s office

The “bad boys” of the Colorado Secretary of State’s IT department: Craig Buesing and Dave Shepard, network and security engineers, Trevor Timmons, chief information officer, and Rich Schliep, chief information security officer. (SOS photo)

At the invitation of Colorado Secretary of State Wayne Williams, Department of Homeland Security officials came to Colorado hunting for bad guys in the SOS’s network.

Did they bag anything?

“I learned a new acronym: NSTR — Nothing Significant to Report,” said  Trevor Timmons, the Secretary of State’s office chief information officer.

The exercise is the latest effort by Williams to ensure that Colorado’s elections are accurate and secure. The Washington Post recently wrote about “how Colorado became the safest state to cast a vote.” Colorado already had implemented many of the measures recommended after election officials learned of Russia’s efforts to interfere with the 2016 election.

The National Cybersecurity and Communications Integration Center (NCCIC) branch of DHS conducted the hunt. The center “works to reduce risks within and across all critical response infrastructure,” according to its website.

Eight cybersecurity experts from HIRT — the Hunt and Incident Response Team — spent two weeks at the SOS office this month.  Timmons said they hooked into the SOS network and systems to try and identify any evidence of malware or malicious actors in the SOS systems, including the Colorado voter registration database, agency e-mail systems and agency network assets. Colorado is one of five states that have hosted NCCIC to conduct a hunt.

“They’re looking for someone who is in, but they haven’t started taking advantage yet,” Timmons said. “The hunt teams use forensic investigative techniques to look for malware and other bad actors, even if the attack hasn’t begun. ”

Malware is a new buzzword in election security. It refers to software intended to damage or disable computers and computer systems.

But HIRT’s’s main mission is to respond to incidents. One team member checking out the Secretary of State’s office was earlier deployed to Colorado to investigate when the state Department of Transportation was hit with the “SamSam” ransom attack. The state never paid the ransom but it spent at least $1.5 million to clean each computer,  officials told The Denver Post.