Election Ecosystem Security
Interpreting, implementing, and adhering to statutes and regulatory requirements specific to elections can be challenging even under ideal circumstances. These challenges tend to increase when external requests, demands, constraints, and changes are layered upon what is already a complex and cyclical process.
Rule-making, legislative changes, and guidance, while well intentioned, often lack clarity or remain open to interpretation in terms of how to meet those standards in complex environments and environments that are not closely aligned with the models upon which the rules may have been considered.
Ensuring that safe and effective controls are in effect, in addition to being able to interpret cybersecurity intent to properly design those controls, is a key challenge for many counties, as well as organizations that develop solutions in the elections market. Common challenges include:
- Developing secure operating practices to help limit risk to air-gapped networks and systems where data imports and exports must occur
- Leveraging capabilities in certified images and systems to help improve resiliency and recovery options
- Assessing solutions to ensure support for technical requirements
- Planning and assessing the impact of technical changes from a budgetary standpoint
- Understanding alternative approaches and compensating controls that collectively meet or exceed the intent of regulations
- Preparing for cybersecurity incidents, including developing response procedures and performing tabletop exercises
- Having a qualified incident response team with elections experience available in support of elections-related incidents
- Devising strategies for liaising with county IT or other technology teams that may have competing priorities or differing interpretations of intent and reasonable controls
- Establishing cybersecurity-aware procurement and product/service selection processes to limit service acquisition-driven risks
- Understanding current and emerging threats, and what they truly mean from a risk perspective to elections
Beyond addressing specific technical or process challenges, we can help ensure you’re equipped with the tools and knowledge necessary to make cybersecurity an integrated and continual process, drawing on best-in-breed guidance, recommendations, and services from resources such as:
- The Center for Internet Security’s Handbook for Elections Infrastructure Security
- The Belfer Center’s State and Local Election Cybersecurity Playbook
- The U.S. Election Assistance Commission’s Election Security Preparedness guidance
- Department of Homeland Security — we’ll show you how and what to leverage from freely available resources for critical infrastructure systems (which includes election systems)
Knowing what and how to leverage services and resources in a pragmatic and risk-based manner is key to tangible, effective improvements and preparedness. Reach out to Rule4 today. We’ll provide actionable guidance and implementation assistance to ensure you’re better prepared to operate safe and secure elections.