Protecting Election Systems Against Hackers

Rachel EckertWritten by | Featured, Security

There are many stakeholders in the vast and intricate network that makes up our national election system — federal, state and local public entities, private companies and of course citizens themselves. And, it’s no secret that IT systems and databases that support voter registration, polling books, vote tallying and election night results are all potential targets of hackers that intend to disrupt outcomes.

Political campaigns are well underway with less than a year before the general election — and the rush is on to identify and mitigate any potential security gaps in election systems.

Updating and/or replacing these systems is expensive, and with already strapped budgets, this strains state and local governments alike. While some governments have already invested in systems upgrades and improvements, many others will be looking for help from the vendor community before November.

Funding for Election System Upgrades

The good news is that there are funds available to state and local entities in the form of grants from the “Help America Vote Act” — or HAVA. In March 2019, an additional $380M from the federal government was provided to states to help with election security improvements. Each state received a base of $3M with the remainder of the $380M distributed by voting age population. Smaller states typically only received the base $3M, but larger states like California received upwards of $34M.

Security vendors should take note of where funding is flowing and how each state or municipality intends to utilize it.

Security Improvements

Forty-one states will spend their allocation on election security improvements. For example, the N.Y. Board of Elections already used their allocation to fund a new cyber plan titled ARMOR that includes four key components: performing risk assessments on state and county systems, mitigating any identified vulnerabilities, performing on-going monitoring of operations and responding to any incidents. New York plans to procure web hygiene tools, risk assessment services and intrusion detection solutions to carry out their plan. Some of the other states spending money on election security cyber improvements: Washington, Oregon, California, Texas, Minnesota, Wisconsin, Illinois, Maryland, New Jersey and Vermont.

New Voting Equipment

Thirty-four states have or will be using their funding to purchase new voting equipment. In the November 2018 elections, Michigan was one of only a handful of states to utilize all new voting equipment. States like California, Alaska, Wyoming, Oklahoma, Arkansas, Georgia, Tennessee and New Jersey are also spending money on new voting equipment.

The new machines have human-verifiable printed ballots and will tabulate results electronically. Vendors provide training to local governments with the delivery of the new machines and help establish working groups for local governments to collaborate on best practices.

Voter Registration Systems Improvements

About 14% of the funds from 29 states were used to make direct improvements to voter registration systems. North Carolina expects their new statewide election information management and voter registration system to be ready for public use by December of this year. Security, transparency and flexibility are the cornerstones of the system. The goal is to easily provide information not just to county governments, but to the public as well. The system also provides the public with an easier method to register to vote through DMV. Other states looking to shore up their registration systems: Nevada, Utah, Texas, Indiana, Ohio, Rhode Island, Massachusetts and the District of Columbia.

Critical Infrastructure Designation

Election systems have been designated “critical infrastructure” by the U.S. Department of Homeland Security,” which expands the type of support they can access beyond just the HAVA grants. For example, The Center for Internet Security, which is partially funded by DHS, has established the Elections Infrastructure Information Sharing and Analysis Center. It acts very similar to the Multi-State Information Sharing and Analysis Center (MS ISAC), that many states already leverage for additional free security assessments, monitoring and mitigation tools.

Even with the additional tools and funding resources available to state and local governments, making election security improvements will still be a struggle. Expertise and solutions from the vendor community will be necessary to assess and implement security enhancements due to the shortened timeline and limited personnel.

Contact Us

Reach out to the immixGroup Market Intelligence team to learn more about what state and local governments are doing to prepare for the 2020 elections.

Keep on top of what’s happening in SLED IT. Subscribe to immixGroup’s Government Sales Insider blog.

 

Last modified: February 6, 2020