IN THIS ISSUE
- CyberDefenses's Perspective: Learn how you can change security culture.
- Intel officials are concerned about foreign adversaries. Here's why.
- Discover why an expert is optimistic about election security improvements.
- Looking ahead to the 2020 election has some worried.
- A glance back to 2018 shows what went well and what didn't.
- Rhode Island is fighting back against Russian election interference. Here's how.
- See the latest election attacks in the Interactive Election Incident Map
- CyberDefenses Blog: Protect 2020 with groundbreaking election security services.
- Find out which events should be on your calendar.
CyberDefenses's Perspective
Transforming Security Culture in Your Election Department
By Brian Engle, CISO and Director of Advisory Services, CyberDefenses
Securing elections against cyberattack has been top of mind for election officials for many years. Working to protect elections is nothing new and many organizations have made strong strides in the right direction. However, as we approach the 2020 election, the attacks, breaches and headlines from 2016 continue to haunt those of us responsible for making sure elections are safe from tampering and disruption. Stories continue to trickle in of breaches and attacks that circumvented existing security measures. In some cases, credentials were stolen from an unsuspecting staffer or a system weakness was left exposed by a third-party vendor. The harsh lesson behind these examples is that overlaying security onto election operations is not enough. Election security must be woven into the culture so that it is pervasive across every possible level of the entire election process.
It is not uncommon to focus election security efforts exclusively on voting technology, such as voting machines or tabulation systems, and security at this level is certainly important. However, election security must go beyond these systems. The reality is cyberattackers infiltrate elections using a variety of different methods across the entire election process.
An effective election security initiative encompasses every aspect of the process. From the moment a voter registers or a candidate files until the election results are certified and published, each point where data or voting functions could be exposed should be evaluated and secured.
Implementing security across this full scope requires a customized effort. Employing the same cybersecurity techniques and tactics used to secure businesses doesn’t align with the election process. Elections typically involve unique steps, several different locations and departments with varying technologies, a hybrid manual and digital environment and a workforce comprised of short-term volunteers as well as full-time staffers.
Another key difference between elections and business environments is that the motivations and attack techniques involved in elections are widely varied. Unlike corporate breaches motivated largely by financial gain, election attacks are motivated by a range of different desired outcomes, from furthering a community agenda to destabilizing an entire democratic system. Securing elections must factor in all likely scenarios so that security teams can effectively focus on and monitor the right type of suspicious activity.
What’s more, ensuring that your team understands the different motivations and attack methods is an important part of building a culture that integrates security into every aspect of the election process. At a minimum, every staffer should be equipped with a clear understanding of why it’s so critical to protect system login credentials, how they can spot an attack, and what they can do to immediately stop it and report it. Making this level of security awareness a baseline aspect of every staff member and volunteer’s job will go a long way toward instilling a culture that revolves around security. This all-encompassing cultural approach is the best way to make certain you aren’t leaving gaps exposed to attacks.
In many cases, security efforts focus only on voter machines or tabulation systems, but the reality is cyberattackers infiltrate elections using a variety of different methods across the entire election process. CyberDefenses election security services address the entire process from voter registration to electronic results reporting.