As I work with officials from these diverse election authorities, I’ve developed a set of best practices that will enhance security in any election environment. Let’s take a look at five key measures that every Board of Elections should put in place.
1. Secure the Endpoints
Security starts at the endpoint, and this is certainly true for election networks. Election officials should deploy next-generation endpoint protection (NGEP) technology to control and monitor endpoint activity. NGEP goes beyond traditional anti-virus; advanced platforms use machine learning to identify abnormal behavior in applications, which can stop fileless malware or zero-day threats. The NGEP product can take actions such as blocking a file or alerting for further investigation.
In addition, election networks are highly controlled environments that use a small set of applications. NGEP and other tools can implement application whitelisting, which restricts devices on the network from executing applications that don’t appear on a preapproved list, limiting the potential for malware and other unwanted software on the network.
2. Provide Network Visibility
Network security teams should have complete insight into every action that takes place on sensitive election networks. Network visibility platforms can use machine learning to identify normal behavior on the network and detect anomalies such as malware or an attack in progress. Products are available for full packet capture on sensitive networks, giving 100 percent forensic visibility into network traffic. Security information and event management (SIEM) solutions can integrate with these tools to provide a complete and secure audit trail along with alerting. This data may prove essential to any investigations that take place after a cybersecurity incident.
3. Maintain Patches and Assess the Environment Regularly
Voting systems often rely on off-the-shelf software and operating systems that have the same security vulnerabilities as any other device. Elections officials should develop a detailed vulnerability detection and patching plan, not just for the operating system but also for the software installed on all systems on the network, including voting machines and the network infrastructure hardware itself. Tools such as vulnerability scanners should be used to routinely assess the state of software and confirm that vulnerabilities are patched and addressed.
The complexity of election networks and their security controls requires regular testing to verify adherence to security standards. In addition to vulnerability scans, we recommend that election officials conduct penetration testing to validate the security of their networks on at least an annual basis. White hat hackers can help validate the security of a network and highlight any potential exposures that need to be addressed.
4. Maintain a Paper Trail
Voters must have confidence in the integrity of elections, and this requires special security measures. We recommend that election officials implement a voter-verified paper audit trail to provide voters with the confidence that the system accurately recorded their votes and to facilitate a recount, if necessary.
5. Train Staff on Election Security
The security of elections depends as much on people as it does on technology. Election officials should offer training to both technical staff and poll workers to ensure that they have the knowledge necessary to properly configure election environments and monitor polling places for suspicious activity.
As we move into another election season, we’re faced with an excellent opportunity to bolster the digital security measures used by election officials around the nation. Taking the time to enhance these controls now will help prevent future security incidents and increase voter confidence in the integrity of elections.