Undoubtedly there are risks we take when we entrust our democracy to a system so essential to preserving our most basic rights and freedoms. The United States of America, as well as its encompassing state and local governments, have made election security a top priority given the ongoing efforts by foreign players to impact U.S. elections. Election systems in many jurisdictions face a significant risk of compromise because of inadequate funding for cybersecurity. Federal funding of $380 billion from the Help America Vote Act (HAVA) fills a portion of that gap, but state and local governments need to be strategic in how they manage this budget.
Secure voting requires reliable processes and secure frameworks that cut across the entire system. Cybersecurity in elections call for precise technical recommendations with robust risk-mitigation plans to guarantee safety.
Since August 2016, the strain on the electoral system has dramatically increased due to a series of cybersecurity related concerns. Foreign interference of midterm elections from external parties has become a reality.
The election system comprises voter registration databases, vote casting, and tallying among other crucial aspects of any election. Both internal and public communications are also essential. All these systems need a great deal of integrity. No element should be compromised and thus the need arises for proper security procedures to address outlined security breaches to any of the arrangements. Election integrity is at stake here. Challenges were evident in the 2016 election cycle, especially from the communications aspect. Information sharing proved critical even though no votes seemed to have been altered in 2016.
There is a consensus that the digital attack surface is larger than ever before, and is growing on an industrial scale. The complexity of managing security is difficult and becoming more challenging. Advanced threats continue to evolve and are harder to combat. But the responsibility of protecting democracy does not squarely rest on the government’s shoulder. “Social platforms have a responsibility to address misinformation as a systemic problem, instead of reacting to case after case,” writes The New York Times’ (NYT) editorial board.
“At this stage of the internet’s evolution,” writes NYT editorial board “content moderation can no longer be reduced to individual postings viewed in isolation and out of context. The problem is systemic, currently manifested in the form of coordinated campaigns both foreign and homegrown. While Facebook and Twitter have been making strides toward proactively staving off dubious influence campaigns, a tired old pattern is re-emerging — journalists and researchers find a problem, the platform reacts and the whole cycle begins anew. The merry-go-round spins yet again.”
Secretaries of State throughout United States, close to 40 of serving in the capacity of the state’s chief election officials, are on the forefront of safeguarding the entire election process and more specifically, the election platforms which can be compromised to alter the outcome of the elections. They have recruited information technology teams to design robust frameworks to help them address the information security concerns. Other sectors have also been brought in, among them the National Guard, private-sector security companies, universities, and even the federal government. However, the team that seems to be the strongest and more likely to bring in a more significant input is the Department of Homeland Security (DHS).
The decentralized system seems to be working, at least for now. It is the biggest protection of the American democracy. The best part is the fact that designation remains in place, thus allowing state and local election officials to work towards achieving an effective election. This will only be achieved through a seamless system of election. The best move is the fact that the local government has developed a more productive relationship with the DHS. This is a leap forward because the challenges of election security can be faced through a combined effort.
The standout aspect which renders the United States readier than ever is the immense support that they are bringing in the cybersecurity domain. There is a dire need for a comprehensive assessment of all the physical services that are going to be used during the elections. Information sharing is another building block of a midterm election, implying the need for robust frameworks, reliable platforms, and secure media which would translate to a credible election process. Other issues which can be tackled more effectively as a result of this relationship is the education aspect. Education opportunities ensure that those in charge have hands-on skills in minimizing chances of election tampering rendering it resilient to interference. From the education aspect, staff and all the key officials need to be enlightened on the need to have a secure system, for example, the fact that they do not have to share critical access codes to such systems.
One other significant recommendation is a proper preparation process of bringing in the Government Coordination Council (GCC), who make up one of the most essential stakeholders. They are concerned with information sharing, more specifically election data which determines the outcome of the election. They have the necessary expertise to secure the information infrastructure which would be used in the analysis and sharing of election data. The fact that they involved 50 states with over 1,000 local election offices as members creates a common hub that enhances the ability to share information among the election officials, increasing the data breach risk. However, such a risk can be mitigated with the presence of GCC which has hands-on experience on data security.
Allowing free flow of information among election officials on a secure, common platform eases the risk management practices. This is the best recommendation which would translate to a secure election framework cutting through all the processes. Such a recommendation can easily be amplified across the local regions. Having learned from the 2016 election cycle the need to be vigilant concerning threats that affect election infrastructure, elections’ risks are now well analyzed with proper mitigation plans. These plans enhance security, provide comprehensive training of election officials, and prioritize updated systems.
Having federal partners, those in the private sector and the state as parties in the election process ensure that there are strong cyber practices to counter information security threats. Other critical recommendations encompass comprehensive threats analysis which would eventually aid in coming up with water-tight risk management plans. Security has been given top priority, and elections are now taken seriously. Necessary information security defence mechanisms have to be put to practice. All these steps have covered the critical issues just as highlighted in the article. Advanced election systems with secure processes are mandatory and should be employed in the process of delivering credible midterm elections in the United States.
Election security is crucial to a functional democracy, and local elections administrators have a difficult and important job in ensuring that elections run smoothly and their results are reliable. A comprehensive approach to network security that covers a jurisdiction’s entire infrastructure — from the data centre to multiple clouds, from voting machines to voter registration databases – is in place but requires constant updating.
With clear visibility and centralized control, administrators can avoid manual security processes and stop advanced threats before they cause a threat to democracy.
This article was first published in Hilal Monthly here