Critical Infrastructure Security, Critical Infrastructure Security, Network Security

State of security: New Mexico


Who's in charge: Secretary of State Maggie Toulouse Oliver, Election Director Mandy Vigil

From a security perspective, New Mexico is entering the 2018 elections from a position of strength.

The Land of Enchantment relies solely on paper ballots, using only marking devices and optical scanners to record and tally the votes. Prior to the election, the state was to replace some of these scanners with new equipment that incorporate ballot image capture and auditing capabilities as security features.

(Absentee voters reportedly use paper ballots too, but they can return theirs electronically, which is considered an at-risk process.)

The state's mandatory audits also don't rely on electronic equipment. Instead, audited votes are hand-counted. According to New Mexico law, audit samples are chosen in a manner "that will ensure, with at least ninety percent probability for the selected offices, that faulty tabulators would be detected if they would change the outcome of the election for a selected office." The closer the margin of victory is between two candidates, the greater of number of precincts that are audited.

Testing before Congress last June, University of Michigan computer science professor and elections expert J. Alex Halderman reportedly said that Colorado and New Mexico are the only two states that "conduct audits that are robust enough to detect cyberattacks."

Earlier this year, New Mexico was granted nearly $3.7 million in federal funds to apply to elections security.

According to documentation New Mexico recently provided the Election Assistance Commission, the state will use some of this money to further  enhance to its new voter registration system, which debuted in December 2017 and currently features multi-factor authentication and "robust access audit capabilities." Additions to the system for 2018-19 will include a secondary site for disaster recovery, and a new intrusion detection solution.

New Mexico also told the EAC it would create a new cyber position within the Secretary of State's IT department, whose role would be to manage an Election Security Program featuring new election security policies and best practices. The expert filling this position will also develop and oversee a security training program (including some web-based training), as well as a risk assessment and monitoring program that operates on the county level.

The state was expected to have an in-depth training program in place for election staff in time for the 2018 election.

According to the Center of American Progress, New Mexico deserves a B grade for election security due to its use of paper, its strong auditing practices, its testing of all voting machines to EAC guidelines, and its use of various voter registration protections, including access control, logging, intrusion detection, vulnerability assessments and more.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.