While federal agencies lag on vulnerability assessments and security clearance requests, the bipartisan Defending Digital Democracy Project releases three new resources to help state and local election agencies with cybersecurity, incident response.

Dark Reading Staff, Dark Reading

February 14, 2018

2 Min Read

With primaries for 2018 elections beginning March 6, efforts to harden state, local election systems are being hindered by federal sluggishness and "wariness of federal meddling," the Associated Press reports. 

One of state and local election officials' main complaints, according to the AP report, is their struggle to obtain federal security clearances, which would enable greater information sharing in the event of a security threat or incident. Fewer than half of the officials that have requested federal clearances have yet received them, according to the AP, including the state elections board executive director in Illinois, one of two states where voter registration databases were breached in 2016. 

Another key concern: vulnerability assessments of the state and local election systems. The US Department of Homeland Security offered to conduct these assessments - but only 14 state and three local agencies took DHS up on the offer, and only five of these requested vulnerability assessments have been completed. DHS says all will be completed by mid-April, according to AP.

Election officials did, however receive new guidance Thursday, from the bipartisan group that recently released cybersecurity guidance for election campaign managers. The Defending Digital Democracy Project (D3P) at Harvard Kennedy School's Belfer Center for Science and International Affairs - co-chaired by the former campaign managers for Mitt Romney and Hillary Clinton and the former Defense Department chief of staff during the Obama Administration - published "The State and Local Election Cybersecurity Playbook," "The Election Cyber Incident Communications Coordination Guide," and "The Election Incident Communications Plan Template." 

D3P's recommendations cover paper trails, audit practices, multi-factor authentication, access controls, log management, vendor agreements, end user training, incident response, and communications plans, in addition to details about the specific threats affecting voting systems, from the hardware to registration databases.

For more information, see the Associated Press and D3P.  

About the Author(s)

Dark Reading Staff

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

See more from Dark Reading Staff
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

VPN other edge devices cybersecurity
Endpoint Security
Teetering on the Edge: VPNs, Firewalls' Nonexistent Telemetry Lures APTsOn the Edge: VPNs, Firewalls' Nonexistent Telemetry Lures APTs
byRobert Lemos, Contributing Writer
Apr 23, 2024
4 Min Read
Kuala Lumpur, Malaysia, skyline against the harbor at sunrise
Cyber Risk
Licensed to Bill? Nations Mandate Certification & Licensure of Cybersecurity ProsLicensed to Bill? Nations Mandate Certification of Cybersecurity Pros
byRobert Lemos, Contributing Writer
Apr 23, 2024
4 Min Read
MITRE Corp's logo in blue
Endpoint Security
MITRE ATT&CKED: InfoSec's Most Trusted Name Falls to Ivanti BugsMITRE ATT&CKED: InfoSec's Most Trusted Name Falls to Ivanti Bugs
byNate Nelson, Contributing Writer
Apr 22, 2024
3 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events