Source: “A Handbook for Elections Infrastructure Security” (CIS)
The lunch address by DHS Secretary Nielsen provided a unifying response to election security by emphasizing that “successful or unsuccessful attempts to hack into elections are an attack on American democracy.” If Americans can’t trust the outcome of elections then what can we trust? Secretary Nielsen also pointed out that “election security is a vital national security issue.” Since DHS dubbed election infrastructure as critical infrastructure and part of the Government Facilities sector last year , Department of Homeland Security has provided strong support in part through a $400 million funding bill that aims to help states update their security and keep American elections secure.
Another panel provided a state perspective on best practices for keeping voters and elections secure. Secretary Kim Wyman from Washington State provided valuable insight on how to use the National Guard’s cybersecurity forces and security training for state employees to keep security up to date. Colorado and Vermont have also been a pioneers on election security having introduced two-factor authentication among other state level initiatives. In Vermont, two-factor is used by local election officials , who could be a weak link from a security perspective. Sue Friedberg, who heads up the Cybersecurity & Data Protection Group, a cybersecurity arm at Buchanan Ingersoll & Rooney PC, added that, “People who built systems aren’t the best to evaluate them. The IT department are not the best ones to find the vulnerabilities.” We couldn’t agree more. In the words of our Co-Founder and CEO, Jay Kaplan: “Having developers test their own systems is like grading your own test.” Getting a third party, adversarial perspective is critical to getting a realistic assessment of your security risk.
Finally, one of the most talked about initiatives in election security came from the Center for Internet Security (CIS), a non-profit, which published an Election Security Handbook to help guide the States in best practices for securing their elections earlier this year. Among the key lessons learned from their handbook was the importance of risk assessments: “Unfortunately, many election officials do not have the expertise or resources to conduct an adequate risk assessment. The ability to efficiently and effectively execute a risk assessment is further reduced by the difficulty in objectively assessing evolving threats, as well as the complexity of the elections processes and systems.”
Synack was honored to be invited to NASS and looks forward to continuing to educate, engage, and support states’ election security initiatives through crowdsourced security. We take the following lessons from our conversations with secretaries of state at NASS:
$1 dumps cvv ccfullzshop review
