Election Security Spotlight - Preparing for an Election Year
Preparing for a presidential election is massive project and unlike all other elections. As election officials, you implement a variety of policies, procedures, and checklists.
What It Is
Preparing for a presidential election is massive project and unlike all other elections. As election officials, you implement a variety of policies, procedures, and checklists. However, there is always that one question that haunts election officials: have I forgotten anything? To help ease that worry, the Elections Infrastructure Information Sharing and Analysis Center® (EI-ISAC®) is here to provide you with a cybersecurity checklist of reminders to help enable you to be cyber ready as you continue to plan for a presidential election.
Why It Matters
Whenever it's a presidential election year, the general election attracts a lot of focus. It catches the attention of candidates, enthusiasts, nation-state threat actors and foreign malign influencers, the media, and the general public. As election day draws nearer and the level of scrutiny on the election heightens, it is absolutely critical that election officials double check every list and put the finishing touches on their planning.
What You Can Do
Here are a few recommendations and/or reminders from the EI-ISAC:
- It's not too late to ensure you have a defense-in-depth strategy in place. Implementing layers of protection is the best way to strengthen your organization’s cyber posture. The following solutions are available to election offices at no-cost through the EI-ISAC:
-
- Endpoint Detection and Response (EDR) provides device-level protection by blocking malicious activity and stopping an attack.
- Malicious Domain Blocking and Reporting (MDBR) enhances your web security posture by preventing information technology systems from connecting to bad domains.
- Ensure that your public-facing systems are secure with our Vulnerability Disclosure Program (VDP). The VDP is a process used to receive, validate, and communicate vulnerabilities discovered by ethical security researchers on public-facing sites.
- Establish your organization as a trusted source. The creation and dissemination of deepfakes causes confusion amongst everyone. Start educating voters, candidates, the media, and the public now on what they need to know.
- Meet with your local law enforcement. With potential threats surrounding the general election, it is crucial that you meet with and establish a good working relationship with your local law enforcement office. Ensure that they are aware of when all elections will be held and which polling locations will be utilized. If you have not done so already, start having these conversations now. Help law enforcement help you!
- Review The Essential Guide to Election Security. The Center for Internet Security® (CIS®) developed this guide as a one-stop resource for election security best practices.
- Prepare for election day disruptions. Election day disruptions include everything from swatting and bomb threats to white powder substances in envelopes. These disruptions are threats/attacks to disrupt the voting process. To prepare for potential election day disruptions, please review the "Prepare for Election Day Disruptions" section of our Essential Guide discussed immediately above.
- Host/Participate in tabletop exercises (TTXs). Nothing can prepare you for an incident more than practice. Please reach out to CISA’s National Cyber Exercise Program at [email protected] to schedule a TTX for your jurisdiction.
- Beware of insider threats. Be sure to properly vet any new hires (such as temporary workers, poll workers, and volunteers), as anyone can be an insider threat. Limit access to only what is necessary for individuals to do their job.
- Manage your online presence. For both your personal safety and office safety, make a conscious effort to limit what you post on social media. Avoid posting personal or sensitive information, and exercise caution with whom you connect.
- Visit CISA’s #Protect2024 Website. Please visit https://www.cisa.gov/topics/election-security/protect2024 to learn more about the resources that CISA has available to support election officials.
Please contact us at [email protected] if you have any questions.