Election Security Insights – August 2019
In This Issue
- Need an Incident Response Plan? Here are some things to consider.
- Establish a security-focused mindset throughout your election department.
- Read the top election security stories making the headlines.
Cyberdefenses Perspective
DEVELOPING AN INCIDENT RESPONSE PLAN FOR ELECTIONS
by Brian Engle, CISO and Director of Advisory Services
Developing an Incident Response Plan is a critical step in designing a strong cybersecurity program. In the event of an attack, a well-constructed plan can be the crucial difference between operating in reactive mode and taking a more proactive stance that thwarts the attack in its early phases and mitigates the potential damage. While it’s valuable for any organization, it is particularly meaningful for election departments focused on preparing for the 2020 election and defending against the possibility of a cyberattack.
Creating an Incident Response Plan for election environments requires a distinct approach compared to plans developed for businesses. Elections involve multiple organizations across different locations and varying tiers of staff members and volunteers. Elections are also inherently time sensitive. A successful plan will accommodate this specific range of factors, and to go further, a good plan will account for the most plausible attack methods and how to handle them during an election.
Each organization should have a plan customized to its unique processes and environment. While no two plans will look alike, there are some common elements that form the basis of a sound Incident Response Plan.
- Define which events require escalation and action
Have criteria in place that define which security events warrant immediate, urgent action, and decide on an escalation path that defines who should be notified. Outline how to contact the people and organizations that need to step in to handle the cybersecurity incident.
- Determine your response for each likely attack type
Consider each potential threat and map out a plan for addressing each one. Many attacks require isolating the threat by quarantining devices and systems. Other attacks may involve coordinating with other teams and departments to orchestrate the right response. Plan concrete steps that can be clearly followed, and consider responses both for an attack within your own network and for an attack outside of your network that may have the potential to impact your environment through data sharing or other connectivity.
- Decide how you plan to respond to ransomware demands
The decision whether to comply with ransomware demands involves multiple stakeholders, often across several departments, which can take time to coordinate – time you don’t have during an attack. Have the tough conversations before you’re faced with the real-life decision so you can carefully weigh the consequences and reach a consensus on how to respond if the worst happens.
- Have a communications plan in place
Any cybersecurity incident involving public data or interests warrants disclosure, and this is particularly true with elections. Identify which organizations should be notified, including the media and law enforcement, and have specific contact information established beforehand.
Incident Response planning is well worth the effort. Knowing that you are prepared to handle a cyberattack scenario helps teams avoid fear mongering and stay focused on running smooth elections.
For help developing your Incident Response Plan, download the template here.
CYBERDEFENSES ELECTION SECURITY GUIDE
ACHIEVING THE CULTURAL TRANSFORMATION NECESSARY TO SECURE ELECTIONS
Election cyberattacks are a growing challenge that threatens democracy. Even if an attacker never takes definitive action, the doubt cast by an attempted attack can be enough to undermine confidence in our election system.
The reality is most election teams rely on computers and the Internet for operations and communications, even if the actual election is conducted offline. This opens up avenues of attack that cyber criminals can target through a variety of methods from phishing to publishing false information on fake websites.
Defending against this heightened threat level requires an internal team culture characterized by a vigilant day-to-day cybersecurity mindset. Protecting elections from tampering, data theft and other attacks is no longer solely the responsibility of IT or cybersecurity teams. It is everyone's responsibility. Download the guide at https://www.cyberdefenses.com/
Noteworthy News
Election Security Needs Increased Federal Investment
Government Technology
Foreign interference is still an ongoing threat to state and local election security and can only be guarded against through increased federal assistance, warns a recently published report. Defending Elections, published by the Brennan Center for Justice, claims that state and local governments are on the "front line" of a "cyberwar" with foreign actors and hackers.
The Unsexy Threat to Election Security
Krebs on Security
Much has been written about the need to further secure our elections, from ensuring the integrity of voting machines to combating fake news. But according to a report quietly issued by a California grand jury this week, more attention needs to be paid to securing social media and email accounts used by election officials at the state and local level.
Why Getting Election Security Right in 2020 Matters
CSO Online
How much election security is enough? The answer: Enough to convince a losing candidate that they lost. Will that happen for the 2020 elections? Probably not. "Is it enough? How much is enough?" Herb Lin, Senior Research Scholar at the Center for International Security and Cooperation at Stanford University, and co-author of the Stanford Cyber Policy Center's "Securing American Elections" report, asks.
cyberdefenses.com/elections | elections@cyberdefenses.com
CyberDefenses is an award-winning Managed Security Services Provider (MSSP) specializing in election security. Schedule a 30-minute conversation to learn how we can help protect your election from cyber attack.