In the wake of the 2016 Russian attempt to hack into Arizona’s election system its Secretary of State Michele Reagan commissioned a top to bottom study of the state’s election security posture the results of which were released in October.
The 15-page report, compiled by Gartner, came up with a series of recommendations and Reagan concluded this knowledge will allow the state’s security level to grow as the suggestions are implemented. Gartner’s main takeaways were:
- Strengthen and formalize processes, documentation and standards to facilitate comprehensive management, maintenance and use of current-state technology.
- Foster a culture of security to enable cost-effective protections commensurate with the risk and value of critical and sensitive software, hardware, and information.
- Enhance strategies for the use of user identities, mobile devices, and transaction monitoring information to improve the effectiveness of existing security controls.
- Leverage modern identity and access management technologies to control access to election systems based on user identity.
The main problems discovered center on the state being reactive in its response to a cyberattack.
“The results of this extensive review revealed that despite the number of security improvements made since the 2016 election, election system security remains at a reactive level. Technical controls, while extensive and effective, were not as effective as they could be due to the lack of comprehensive coverage of the controls across all aspects of the election process, as well as the use of incomplete or immature technological solutions in some cases,” the report stated.
The state will use the $3 million it has received in federal funding to partially offset the cost of implementing these changes.