State Officials Showcase Election Security Plan in US

A Chicagoland election official has put forth an “Election Security Plan”, meant to secure the voting process for Americans. It’s a hot-button topic in the wake of Russian meddling in the US presidential election last year.

Authored by Noah Praetz, director of elections with the Cook County, Ill. Clerk’s Office, the Election Security Plan represents a first-of-its-kind to be put forth by a local official since news broke that Russia attempted to infiltrate voting networks in at least 21 US states during the 2016 election.

The plan, announced at an event put on by hacking conference DEFCON and the University of Chicago’s Harris School of Public Policy outlines several strategies for stakeholders to better defend, detect, and recover from cyber threats aimed at voting equipment, systems, networks and databases. Specifically, it describes “a challenging, comprehensive, yet achievable list of actions” for both federal leaders to support the more than 9,000 voting jurisdictions around the country, as well as the responsibilities of state and local officials.

These include:

Defend: Increase the defensive capacity of local and state election officials by: Supporting a digital network for all local election officials that will facilitate rapid sharing of threats and incidents, as well as supporting increased training and resiliency; financing an election infrastructure and information security officer (EIISO) (or consultant) servicing every local and state election official in the country; and ensuring that threat and incident information known to government is shared appropriately throughout the election ecosystem.

Detect: Increase the catastrophic breach detection capacity by incentivizing: The use of modern public audits of all elections; the use of modern voting technology that captures a digital image of each ballot that can be tied to the original ballot and the cast ballot record; and the use of monitoring sensors on the networks of all willing election officials.

Recover: Eliminate even the most remote possibility of an undetectable catastrophic breach by replacing all paperless voting systems that currently serve nearly 20 percent of the country.

“This is a critical time when Americans need to be reassured that their vote is secure—and I am proud that my election administration colleagues at the state and local level are the ones serving valiantly on the front lines,” said Praetz, underscoring the need for local action backed by federal support. “Like good servants, these officials will tell you they can continue to hold the line. But they need to be fortified by resources from the federal government, and they need guidance in terms of what line they even can hold.”

In early 2017, the US Department of Homeland Security designated elections as a critical infrastructure subsector, giving the federal government more authority to take action. Sean McCloskey from the DHS's Office of Cyber Security and Communications was on hand for the announcement, highlighting DHS's current role with the Elections Security Task Force.

However, state and local officials who hold constitutional responsibility for administrating elections are often overburdened and constrained by the lack of funding needed to implement security measures.

“Recently, we’ve seen a groundswell of bipartisan national security and cyber leaders uniting to frame the problem and highlight what Russia or other nefarious actors could do to our democracy,” said Jake Braun, a cybersecurity lecturer at University of Chicago and DEFCON Voting Village representative who emceed the event. “Now it’s encouraging to see state and local leaders like Mr. Praetz—and many others who helped influence his plan—coming together to offer solutions. With the full funding and resources to do their job, there’s no question they can better secure our democracy for 2018 and beyond.”

What’s Hot on Infosecurity Magazine?