Assessments Take the Guesswork Out of Election Security

Election Security Guesswork

Securing elections sounds as if it should be straightforward, but the reality is anything but. It’s far more complex and goes further than securing a network with a firewall or locking down a voting machine. It requires knowing precisely where there are gaps in your entire election process that cyber criminals can exploit. It also involves understanding where and how an attack is most likely to occur. The problem is that gaining this type of full-picture insight, spanning a high-level overview as well as in-depth details, can be a challenge.

Election Security Is Complex

Elections consist of multiple moving parts and involve many people and departments, from government leadership teams and election administrators to volunteers. Elections are conducted across multiple locations and typically involve a range of processes and equipment that varies between each polling place, facility and department.

Added to the complexity is the fact that attackers are consistently changing their attack methods. The solemn truth is that cyber criminals invest a considerable amount of time, energy and even money into looking for new ways to gain access to networks, voting equipment and devices. Viruses, ransomware, phishing attacks and other types of cyber threats are always evolving.

What makes navigating this landscape even trickier is the fact that cyber criminals have a wide variety of motivations. While some are seeking to skew election results, others may be interested only in creating enough havoc to cast doubt on the process. Then there are those motivated purely by money. They understand how critical it is to conduct an error-free election and stand to profit handsomely through attacks like ransomware.

A Security Assessment Hones Focus

An effective cybersecurity plan that factors in the immense number of variables associated with protecting elections begins with a thorough security assessment. It is a concrete first step that builds a solid foundation for a good security program that is focused on defending the right attack areas and dedicated to the best use of resources.

A good assessment involves more than reviewing your technology. It looks at your entire election process. How is data relayed between locations? How do staff members and volunteers coordinate and communicate? What is the voter registration process? What is your team’s level of cybersecurity awareness? How are voting results published to the public on election night?

Once an accurate lay of the land is established, this information is mapped to the most current attack methodologies to find security gaps and opportunities to improve cyber defenses. From there, a clear plan will identify the best ways to protect the vote and voters throughout the election process.

What to Expect from an Assessment

As useful and thorough as a good assessment can be, it requires surprisingly little time or resource commitments from election departments. It is one of those exercises that can seem daunting, but the actual process for the election team is simple and doesn’t take as long as you might think.

Typically, an assessment begins with a discovery call. A cybersecurity team member will explain what the process entails and listen to your concerns or any special considerations. If approvals are required from the county commissioner or other stakeholders, the cybersecurity team can help you navigate the process. In some cases, a security representative can attend approval meetings to answer questions and share detailed information about the assessment.

Once approvals are obtained, there is a kick-off meeting to discuss dates and who from your team needs to be involved in the process. The cybersecurity team will then schedule an on-site assessment visit. During that visit, the team will spend an hour to two hours with different members of your staff, gathering information and making observations. The team will also review your technology infrastructure, including both physical and digital access to your network and data. You can expect these on-site visits to take one to several days depending upon the size of your election department.

After the visit, the team will review the data collected on-site and conduct cyber intelligence research to find any instances of data or chatter related to your election program on the Darknet. They will also research other potential threats that could affect your election.

Several weeks later, the team will come back to you with a report that details their findings. The report will cover any existing threats that need to be addressed immediately. It will identify weak areas discovered and the threats that have a high probability of impacting your election in the future. Plus, a thorough assessment will include detailed and prioritized recommendations from a Chief Information Security Officer that outline how to address the threats.

An assessment is a strong, easy-to-tackle starting point for cutting through the challenges of securing the widely distributed, complex election environment. It’s a quick win that makes significant strides in improving election security.


About the author

Brian Engle

Brian Engle is the CISO and Director of Advisory Services, a role in which he leads the delivery of strategic consulting services for CyberDefenses's growing client base with risk management support, information security program assessment and cybersecurity program maturity evolution. Prior to working at CyberDefenses, he was the founder and CEO of Riskceptional Strategies, a consulting firm focused on enabling the development of successful strategies for implementing, operating, and evolving risk-based cybersecurity programs. Brian’s previous information security roles include Executive Director of Retail Cyber Intelligence Sharing Center (R-CISC), CISO and Cybersecurity Coordinator for the State of Texas, CISO for Texas Health and Human Services Commission, CISO for Temple-Inland, Manager of Information Security Assurance for Guaranty Bank, and Senior Information Security Analyst for Silicon Laboratories. Brian has been a professional within Information Security and Information Technology for over 25 years, and serves as a past president and Lifetime Board of Directors member of the ISSA Capitol of Texas Chapter, is a member of ISACA, and holds CISSP and CISA certifications.