Securing elections sounds as if it should be straightforward, but the reality is it is anything but. It’s far more complex and goes further than securing a network with a firewall or locking down a voting machine. It requires knowing precisely where there are gaps in your entire election process that cyber criminals can exploit. It also involves understanding where and how an attack is most likely to occur. The problem is gaining this type of full picture insight that spans a high-level overview as well as in-depth details can be a challenge.
Election Security Is Complex
Elections consist of multiple moving parts and involve many people and departments from government leadership teams and election administrators to volunteers. Elections are conducted across multiple locations and typically involve a range of processes and equipment that varies between each polling place, facility and department.
Added to the complexity is the fact that attackers are consistently changing their attack methods. The solemn truth is cyber criminals invest a considerable amount of time, energy and even money into looking for new ways to gain access into networks, voting equipment and devices. Viruses, ransomware, phishing attacks and other types of cyber threats are always evolving.
What makes navigating this landscape even more tricky is the fact that cyber criminals have a wide variety of motivations. While some are seeking to skew election results others may be interested only in creating enough havoc to cast doubt on the process. Then there are those motivated purely by money. They understand how critical it is to conduct an error-free election and stand to profit handsomely through attacks like ransomware.
A Security Assessment Hones Focus
An effective cybersecurity plan that factors in the immense number of variables associated with protecting elections begins with a thorough security assessment. It is a concrete first step that builds a solid foundation for a good security program that is focused on defending the right attack areas and dedicated to the best use of resources.
A good assessment involves more than reviewing your technology. It looks at your entire election process. How is data relayed between locations? How do staff members and volunteers coordinate and communicate? What is the voter registration process? What is your team’s level of cybersecurity awareness? How are voting results published to the public on election night?
Once an accurate lay of the land is established, this information is mapped to the most current attack methodologies to find security gaps and opportunities to improve cyber defenses. From there, a clear plan will identify the best ways to protect the vote and voters throughout the election process.
What to Expect from an Assessment
As useful and thorough as a good assessment can be, it requires surprisingly little time or resource commitments from election departments. It is one of those exercises that can seem daunting, but the actual process for the election team is simple and doesn’t take as long as you might think.
Typically, an assessment begins with a discovery call. A cybersecurity team member will explain what the process entails and listen to your concerns or any special considerations. If approvals are required from the county commissioner or other stakeholders, the cybersecurity team can help you navigate the process. In some cases, a security representative can attend approval meetings to answer questions and share detailed information about the assessment.
Once approvals are obtained, there is a kick-off meeting to discuss dates and who from your team needs to be involved in the process. The cybersecurity team will then schedule an on-site assessment visit. During that visit, the team will spend an hour to two hours with different members of your staff gathering the information and making observations. The team will also review your technology infrastructure, including both physical and digital access to your network and data. You can expect these on-site visits to take one to several days depending upon the size of your election department.
After the visit, the team will review the data collected on-site and conduct cyber intelligence research to find any instances of data or chatter related to your election program on the Darknet. They will also research other potential threats that could affect your election.
Several weeks later, the team will come back to you with a report that details their findings. The report will cover any existing threats that need to be addressed immediately. It will identify weak areas discovered and the threats that have a high probability of impacting your election in the future. Plus, a thorough assessment will include detailed and prioritized recommendations from a Chief Information Security Officer that outlines how to address the threats.
An assessment is a strong, easy-to-tackle starting point for cutting through the challenges of securing the widely distributed, complex election environment. It’s a quick win that makes significant strides in improving election security.
To learn more download our Guide to Election Security.