Officials tasked with securing elections face a complex challenge. They need to build a voter registration database, secure the voting machines, and then tally votes accurately — all in the face of potential disruptions from malicious actors, foreign and domestic.
In an age of mis-, dis-, and mal-information, election officials also need the public to believe they’re doing all this securely, because election integrity isn’t just about accurately counting votes.
“It’s also about perception,” said Jim Richberg, Head of Cyber Policy/Global Field Chief Information Security Officer with Fortinet. “If enough people think you have a problem, you have a problem.”
A Changing Landscape
The threat landscape around elections has evolved in recent years, with increasing risks to security and privacy. “Election officials and poll workers are now facing an unprecedented level of physical threats and intimidation,” Richberg said. This comes on top of cyber risks from nation-states and malicious insiders.
Because there’s no “do-over” on holding an election, officials need to focus first on avoiding unrecoverable errors, or activities that prevent citizens from voting. For instance, if a ransomware attack locks up the registration database in the months prior to election day, “not being able to get to it because the data’s been encrypted will stop local jurisdictions from pulling the data they need to create ballots for the registered voters in each precinct,” Richberg said.
Then there’s disinformation: Suppose someone accessed a local government’s social media account and directed voters to the wrong polling place hours before the polls closed. This risks large-scale disenfranchisement.
“Because so many people use social media in local government, for myriad purposes, those passwords are well-known and often not well-secured. So why don’t we have a coordinated change of social media passwords in local government three days before the election?” he said. That would create a potential roadblock to that kind of attack.
Technology to the Fore
In elections today, you must secure everything, from devices to databases, Richberg said. With unprecedented turnover among election officials and cyber teams stretched thin, state and local governments must rely on commercial solutions wherever possible. “Look for solutions that are automated…that leverage multiple sources of threat intelligence coming from different directions and that are interoperable,” Richberg said. Fortinet, for example, produces more than half the firewalls used globally and offers a portfolio of more than 50 products and services. These integrated solutions share threat intelligence and collaborate automatically, he said.
With the right technologies in place, election officials can then lean into proactive messaging.
“It’s about saying, ‘Here’s what are we doing to secure your elections. We have ways of validating signatures on absentee ballots, we have these things called firewalls that will prevent intrusions, and our voting machines are not connected to the internet,’” Richberg said. Those measures and messaging can help preempt mis-, dis-, and mal-information about electoral integrity.
This article appeared in our guide, “Building Trust With Tech In State and Local Government.” To see more about how agencies are using technology to build relationships with constituents, download it here:
