Complacency Isn’t Affecting Election Security Progress, Unknowns Are

Election Security Training

Recent news articles have focused on the unused HAVA funds that the Federal government has allocated for election security, and the implication is that this inaction is the result of a lack of urgency or a sense of complacency.

Those of us on the frontlines of the election security challenge know that the issue is more sophisticated than this. We are aware that the threat level to elections is high. Many groups and individuals have much to gain by manipulating votes and casting doubt on election results. We also know that cybercriminals look for any possible way to infiltrate the election process, and the Internet makes it possible to find avenues of connection that did not exist before. And we’re aware that breaching a small tangential part of the election process can provide an attacker with an inroad to a larger more significant aspect of the election.

The issue isn’t our lack of awareness or sense of urgency. The real issue is that in the midst of sensationalized scare tactics and doom predictions that serve political and business agendas, it’s hard to know exactly what the real threats are and how we can best defend against them. Complacency is far from the underlying collective feeling regarding election security. Overwhelm generated by all of the unknowns; however, is very real, and it can be our biggest roadblock because too often it leads to inaction or ineffective action.

The good news is that while the problem of election attacks is certainly a serious one, it is not impossible. There are definitive things we know about cyber attack methods and proven ways to find out which cyber threats are probable for specific election organizations. There are also clearly defined best practices that provide effective defenses against cyber attack. What’s even better news is many of these practices are simple habits that can become a regular part of your operations with some focused effort.

While it can be counter-productive to react to the panic-inducing headlines, it is important to wisely assess the threat risk and take thoughtful action. Knowledge is our greatest tool in protecting the 2020 election.

About the author

Brian Engle

Brian Engle is the CISO and Director of Advisory Services, a role in which he leads the delivery of strategic consulting services for CyberDefenses's growing client base with risk management support, information security program assessment and cybersecurity program maturity evolution. Prior to working at CyberDefenses, he was the founder and CEO of Riskceptional Strategies, a consulting firm focused on enabling the development of successful strategies for implementing, operating, and evolving risk-based cybersecurity programs. Brian’s previous information security roles include Executive Director of Retail Cyber Intelligence Sharing Center (R-CISC), CISO and Cybersecurity Coordinator for the State of Texas, CISO for Texas Health and Human Services Commission, CISO for Temple-Inland, Manager of Information Security Assurance for Guaranty Bank, and Senior Information Security Analyst for Silicon Laboratories. Brian has been a professional within Information Security and Information Technology for over 25 years, and serves as a past president and Lifetime Board of Directors member of the ISSA Capitol of Texas Chapter, is a member of ISACA, and holds CISSP and CISA certifications.