Professional Documents
Culture Documents
Case Study Paper Resilience of Cyber Physical Systems CPS
Case Study Paper Resilience of Cyber Physical Systems CPS
Case Study Paper Resilience of Cyber Physical Systems CPS
Anna Gogacz
Professor ________________
[Course Name]
1 December 2020
deliver robust cybersecurity responses and mitigate damage to systems, processes and
reputations arising from adverse cyber events such as the destruction of critical hardware, third-
party cyber attacks and compromisation of digital systems. This paper will discuss a case study
on the resilience of cyber-physical systems, and outline the preventative, detective and corrective
controls embedded in the case study organization’s cyber-physical systems. The Department of
Homeland Security’s Cybersecurity and Infrastructure Security Agency and their plans and
responses to cybersecurity threats during the 2020 U.S. election will be analyzed based on their
Agency was under significant pressure during the 2020 U.S. presidential elections, given the past
precedent of foreign electoral interference by third parties allegedly linked to President Trump,
and the allegations in 2020 of widespread voter fraud and illegal balloting by President Trump,
voter disinformation efforts by international actors and third parties, as well as public discourse
In light of such a politicised context, it was crucial that the Department of Homeland
Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA) ensured adequate
cyber and physical infrastructure resilience to preserve the integrity of the U.S. presidential
elections and support the public good. In 2020, DHS CISA performed an admirable job of
ensuring the resilience of their cyber-physical systems in four key areas: cybersecurity election
infrastructure, routine digital infrastructure audits, self-help security resource tools, and social
media and public relations communications. These helped to build stakeholder capacity to
assessments, and facilitated information sharing and swift corrective actions to thwart threats to
Foremost, the DHS CISA had successfully performed an extensive upgrade of their
digital election infrastructure in terms of voter registration databases, IT counting, auditing and
infrastructure, storage facilities and mail-in ballot counting systems, and had actively
collaborated with key stakeholders, such as state and local regulators, election officials, federal
audit partners and vendors to manage the risk downsides from cybersecurity attacks (Norden
126). The DHS CISA had also conducted detection, prevention, and cybersecurity diagnostic
assessment audits to ensure that its election infrastructure and cyber-physical systems remained
The DHS CISA had also invested heavily in routine digital infrastructure audits ahead of
the election with key cybersecurity partners such as Norton Lifelock and McAfee, to secure their
systems against potential third-party threats (Norden 126). Measures such as pre-election digital
infrastructure testing, state certification of voting equipment and audits by multiple stakeholders
also helped to establish strong system resilience against third-party manipulation of vote results,
which withstood criticism and allegations after the election of voter fraud. On a more technical
level, the DHS CISA also implemented techniques such as survivability testing of mobile cyber
physical systems, which showed a high intrusion tolerance and a dynamic voting-based intrusion
detection technique against third-party election infrastructure attacks (Mitchell & Chen, 2011).
Secondly, the DHS CISA published self-help and open source security resource tools
Vulnerability Reporting for Election Administrators, Risk Assessment and Infographic tools for
mail-in voting, and infographics and planning guides for Election Infrastructure Cyber Risk
Management (Dacasco 176). The DHS CISA had also released a Cyber Incident Detection and
Notification Planning Guide for Election Security, which significantly raised the capacity of the
DHS CISA’s employees for cybersecurity resilience. In doing so, the DHS also built on the joint
expertise and collaborative inputs from multiple stakeholders, such as the Election Task Force,
the Countering Foreign Influence Task Force, the Federal Bureau of Investigation, the Central
Intelligence Agency, think tanks, social media companies, federal partners, cybersecurity
contractors and local state and federal authorities to ensure a whole of government approach to
the securing of critical election infrastructure and cyber-physical system resiliency (Dacasco
206).
Anna 4
The DHS CISA also invested heavily in cybersecurity for social media and public
relations communications. In 2016, the U.S. elections had been marred by controversy due to the
alleged manipulation of social media platforms such as Facebook to spread voter disinformation
and online falsehoods that inflamed tensions and compromised the integrity and security of the
election. In 2020, the DHS CISA thus partnered actively with social media platforms such as
Facebook to install extensive security monitoring algorithms and account verification tools, in
order to ensure that voter misinformation by third parties could not compromise the resilience of
From a public relations perspective, the DHS CISA also released social media and guides
such as Real Fake, a graphic novel that illustrated the dangers from misinformation campaigns,
the #Protect2020 Rumor vs. Reality campaign to dispel election related rumors, and a general
guide for Physical Security of Voting Locations and Election Facilities (DHS CISA, 2020).
Posters such as the Election Security PLanning Snapshot Poster and Election Day Emergency
Response Guide Poster also ensured that local stakeholders and voters were served to the ‘Last
Mile’ in order to mitigate and eliminate risks to electoral security, and to equip local stakeholders
with the skills and knowledge required to ensure cyber-physical system resiliency and security
(Mitchell 2259).
systems linked to the 2020 U.S. elections, and allowed Christopher Krebs, the CISA director, to
actively refute any allegations that the security and integrity of the U.S. elections had been
Anna 5
undermined, including those by incumbent President Trump, with a statement that there was no
evidence that any voting system across the U.S. deleted, lost or altered votes through third-party
electoral cyber-physical systems. For example, election infrastructure was designated as part of
the federal government’s critical infrastructure in 2017, which enabled state and local authorities
to utilise the government’s cybersecurity best practices to improve the resilience of cyber-
physical systems. Furthermore, strong cybersecurity software suites were erected against
potential denial-of-service attacks, election system supply chain attacks and loophole
were also made to close outdated software and bug disclosure issues for voting machines, which
allowed their vulnerabilities to be closed off to potential attackers, while election workers were
trained to monitor signs of suspicious actions to manipulate election infrastructure and processes.
The above measures by the DHS CISA were strong examples of the preventative,
detective and corrective controls that were deployed during the 2020 U.S. presidential election to
prevent the resilience of cyber-physical systems from being compromised (DHS CISA, 2020).
Foremost, preventative controls such as security audits, upgraded software and closure of
potential loopholes were used to keep errors and irregularities in the U.S. election process from
occurring, with strong firewalls and hardware physical security suites in place to stop potential
Secondly, election officials were trained to detect errors and irregularities that occurred,
while computer security software was installed across all election registration and voting sites to
ensure that they were scanned for potential malware and intrusion. Finally, corrective controls
were made to file reports and enact disciplinary action for cybersecurity breaches, while voter
registration websites, software suites and voting processes were subjected to software patches to
prevent potential loopholes from being exploited for purposes of electoral fraud or third-party
In conclusion, the DHS CISA’s preventative, detective and corrective controls that were
deployed during the 2020 U.S. presidential election prevented the resilience of cyber-physical
systems linked to the election from being compromised. The DHS CISA”s approach ensured a
secure and resilient election that adopted a highly vigilant, trustworthy and transparent approach
References
Baker, Jones Smith, et al. Cybersecurity in the U.S. Elections: A HIstory. OUP, 2017.
Choate, Judd, and Robert Smith. Election Cybersecurity: The Future of Election Administration.
Mitchell, Romeo. “Survivability analysis of mobile cyber physical systems with voting-based
intrusion detection.” 2011 7th International Wireless Communications and Mobile Computing
National Risk Management: Election Infrastructure Security 2020. DHS CISA, 2020,
Norden, Lacosta. “A Framework for Election Vendor Oversight”. Brennan Center for Justice,
November 2020.