Protecting our elections from cyber meddling is a long-term effort; there is no silver-bullet answer.
Yet the security of the 2018 midterm elections has practically made more headlines than the candidates have. A report from the the Center for Strategic and International Studies, in partnership with Raytheon, found that since the 2016 elections, 40 states have invested more than $75 million to improve election security.
The center compiled the report from multiple sources and a survey it conducted with its network of cybersecurity experts.
Robert “Bob” Kolasky, National Risk Management Center director at the Department of Homeland Security, expressed his confidence in the security of our election systems at an event ahead of the midterms elections. The event was hosted by CSIS on Oct. 30, in Washington, D.C.
“This is a long term effort to make the nation’s elections more secure and resilient,” Kolasky said in a panel titled “Securing Election Systems Against Cyber Attacks: Risks and Solutions for 2018, 2020 and Beyond.”
The panel was adamant that voters and the media need to trust the process and systems in place should a security event arise.
“Since 2016, there has been a lot of activity [to address election security]” said John Gilligan, president and CEO, Center for Internet Security, during the panel discussion.
The Center for Internet Security produced a handbook for elections infrastructure security. It was designed to provide consistent best practices for securing election proceedings based on five subject areas: hardware, software, process flow, security data transmission, user training and awareness.
“Basic cybersecurity best practices have been implemented across most of our 50 states, and more than $800 million has been allocated by federal and state officials to harden election systems against cyber threats," according to CSIS. “We are better prepared in 2018 to deal with the threat of foreign election interference, but there is much more to be done to ensure the integrity and resilience of our elections against cyber threats for 2020 and beyond.”
The report found there are over 10,000 jurisdictions that oversee U.S. elections from voting machines to official election websites.
“The real risk here is around system vulnerabilities,” said Jon Check, Raytheon Cyber Protection Solutions senior director. “The first step in protecting these critical systems is admitting that they are all vulnerable, and looking for one tool or piece of software is not the answer.
“Think of the supply chain security operations alone. This is a complex problem, but if we are educating every user involved in our election system and implementing fundamental cybersecurity best practices, that will go a long way,” said Check.
Raytheon is expanding its work in election security, most recently partnering with a board of elections in the Midwest to secure their voting procedures. As part of this expansion, it has developed a service to streamline assessment of the 88 security controls outlined by CIS. This service is made up of: network characterization, subject-area-focused, question-and-answer sessions, internal and external testing and report generation.
“In order to help prevent these breaches, and learn from past ones, vulnerability assessments are essential in creating mitigation recommendations,” said Check. “A big-picture look at each system needs to be developed to ensure it is protected effectively.”
Here are some key takeaways from the report:
- All 50 states are participating in information sharing through the newly established Elections Infrastructure ISAC
- 80 percent of experts surveyed identified Russia as the No. 1 cyber threat to U.S. elections
- 41 states and 68 counties have also installed DHS’s Albert intrusion detection sensors to protect their election systems
- More than $800 million, including $380 million of federal money under the Help America Vote Act, has been earmarked for election cybersecurity across the 50 states