Sharing information and seeking guidance. Since the 2016 Presidential election, county and state governments have redoubled their efforts to seek help from federal entities and each other to improve electronic voting system cybersecurity, according to Matt Shabat, U.S. strategy manager for Glasswall Solutions and a Department of Homeland Security cybersecurity official. Working with the Elections Assistance Commission, the DHS and the Federal Bureau of Investigation to assess risks, identify threats and vulnerabilities, state and county governments have sought more guidance in implementing security controls and “consequence management techniques, such as audit capabilities,” Shabat says. States have also participated in federal cybersecurity assessments, training, and information-sharing programs through the Election Infrastructure Information Sharing and Analysis Center, to access a 24/7 operations center, obtain incident response support and receive threat and vulnerability monitoring.
Perfecting the process. Even the most tech-savvy IT professional will admit that technology implementation itself is less time-and-resource-consuming than dealing with the people and process issues. While election processes vary from state to state and county to county, more of these election hubs are looking to better streamline their processes and align them with other jurisdictions in order to maintain more consistency across the board. In many cases, this requires recruiting more human monitors to ensure that there are at least two monitors to follow the polling place proceedings, according to John Petrie, CEO of NTT Security Americas.
Analyzing patterns to detect potential tampering. While a lot of attention and money has been paid on attempting to protect the ‘front wall’ of voting systems, any cybersecurity professional will freely admit that no security measure is foolproof. “Bad actors are a persistent threat,” points out Sheldon Shaw, director of cyber industry consulting at SAS, adding that in elections as in the enterprise, “the ability to detect a bad actor inside the network is key.” For this reason, Shaw sees more election authorities beginning to embrace behavioral analytics to identity normal versus suspicious voting actions. Additionally, Shaw says analytics can help identify suspicious behavior among trusted insiders. “Is someone logging into different or new systems? Are they sending files outside the organization that shouldn't be sent?”
Preparing for the worst. It may sound rather pessimistic, but given the on-going heightened focus on election security and potential interference (from inside and outside the country), it is little surprise that while taking steps to better secure the systems and the process here, state and county officials are girding their loins for the blowback that is sure to come no matter what happens. Sean A. Mason, director for incident response at Cisco, points out that, “Elections are sacred to the foundation of our country and aren’t a time to shy away from asking for help.” He recommends that “governments at all levels should take the time to reach out proactively” for expert cybersecurity experts now and in the future, to better assess their environment and design a response plan to include all the needed contacts, third parties, and other government touch points.
Educating the voters themselves. Just as security awareness training is essential to insuring that employees can help keep the enterprise secure, making voters aware of the potential ways the voting system may be compromised is also critical. “Nonpartisan election officials can increase faith in free and fair elections by educating voters to increase awareness about the methods and manipulation tactics commonly-used in digital disinformation campaigns,” says Michael Marriott, research analyst at Digital Shadows. However, the responsibility extends beyond the state level. Beyond just state and local governments, Marriott believes that media outlets, think tanks and other non-partisan groups should play a role in monitoring domains and keeping tabs on possible tampering.