OIG audit calls for more clarity from CISA, DHS on disinformation mission 

The report gave CISA high marks for its election security work but raised questions about a lack of strategic guidance from DHS.
The DHS and CISA booth at the 2019 RSA conference in San Francisco. (Scoop News Group photo)

A federal audit released this week gives the Cybersecurity and Infrastructure Security Agency generally high marks for its work protecting election infrastructure from cyber and physical threats, coordinating with other federal agencies and supporting state and local officials.

But it also provided further evidence that the agency is playing a reduced role around disinformation this election cycle, citing a lack of strategic guidance from the Department of Homeland Security, outside lawsuits and evolving views within the agency about its role and responsibilities.

The review, conducted by DHS’s Office of the Inspector General, said CISA discontinued its efforts to work with social media companies around disinformation after the 2022 election.

“CISA did not specify why it stopped communicating with social media companies,” auditors wrote, adding that a senior agency official said CISA “changed its efforts to counter disinformation based on the evolution of the disinformation mission during that time.”

2022 was the same year that two states filed lawsuits against the federal government, alleging the engagements violated the First Amendment rights of American citizens. That case eventually reached the Supreme Court, where it was dismissed due to lack of standing.  

In addition to the lawsuits, the audit also revealed that CISA’s reticence to engage in more robust efforts around disinformation may also stem in part from a lack of guidance and direction from DHS leadership.

Since 2019, auditors have pressed DHS officials to update the National Infrastructure Protection Plan and other strategy documents that would further scope out CISA’s role addressing the problem.

“DHS still has not updated critical plans to include the specific goals, objectives, milestones and priorities needed to monitor and secure the election infrastructure and address other emerging threats, such as disinformation,” auditors wrote.

The department has faced its own political blowback over the issue. In 2022, DHS announced the formation of a Disinformation Governance Board. While it had no legal authority to unilaterally censor speech online — and its makeup was not dissimilar from the countless other advisory boards created across the federal government — the effort drew harsh criticism from Republicans on Capitol Hill, as well as civil digital liberty groups across the ideological spectrum before it was eventually disbanded.

CyberScoop has reached out to the Department of Homeland Security for comment on the Inspector General’s findings.

The widespread and factually baseless belief among primarily Republican and conservative voters that the 2020 presidential election was marred by election fraud has, in the minds of many election officials, contributed to a surge in harassment and violent threats directed toward election offices over the past four years.

When DHS auditors interviewed state and local officials in 13 different states, they largely praised CISA’s work providing expertise, technical assessments of vulnerabilities in their election infrastructure and other needed resources. However, a majority also cited disinformation as the top threat facing their elections this year.

CISA’s social media playbook

Earlier this month, CISA Director Jen Easterly told reporters that while the agency has resumed communications with social media platforms in the wake of the Supreme Court ruling, those discussions no longer include efforts to influence content moderation decisions.

Following that briefing, a CISA spokesperson told CyberScoop that the agency’s “switchboarding” operations, wherein officials flagged accounts or posts on social media that they believed were spreading disinformation around elections to platforms for content moderation review, were not utilized during the 2022 election cycle. That matches what Geoff Hale, then-lead of CISA’s election security and resilience team, claimed in court documents submitted last year.

The agency still carries out a number of activities around disinformation, which are mostly focused on amplifying state and local officials as authoritative sources on election and voting information and providing general guidance, training and tabletop exercises around the issue. CISA officials have also taken part in cross-agency briefings held this year around foreign malign influence efforts and disinformation campaigns targeting the 2024 elections.

In an attached response to the audit, Easterly said the agency “remains committed to assisting election infrastructure against the risk of foreign malign influence operations and disinformation.”

She cited three lines of effort that make up the foundation of the agency’s mission around disinformation: developing publicly available security guidance for election officials about the tactics and techniques used by foreign influence campaigns, providing context to common disinformation narratives and themes through resources like its “Election Security Rumor vs. Reality” website, and amplifying state and local officials as authoritative sources on accurate election- and voting-related information.

Written by Derek B. Johnson

Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.