informa
Quick Hits

As Primaries Loom, Election Security Efforts Behind Schedule

While federal agencies lag on vulnerability assessments and security clearance requests, the bipartisan Defending Digital Democracy Project releases three new resources to help state and local election agencies with cybersecurity, incident response.

With primaries for 2018 elections beginning March 6, efforts to harden state, local election systems are being hindered by federal sluggishness and "wariness of federal meddling," the Associated Press reports. 

One of state and local election officials' main complaints, according to the AP report, is their struggle to obtain federal security clearances, which would enable greater information sharing in the event of a security threat or incident. Fewer than half of the officials that have requested federal clearances have yet received them, according to the AP, including the state elections board executive director in Illinois, one of two states where voter registration databases were breached in 2016. 

Another key concern: vulnerability assessments of the state and local election systems. The US Department of Homeland Security offered to conduct these assessments - but only 14 state and three local agencies took DHS up on the offer, and only five of these requested vulnerability assessments have been completed. DHS says all will be completed by mid-April, according to AP.

Election officials did, however receive new guidance Thursday, from the bipartisan group that recently released cybersecurity guidance for election campaign managers. The Defending Digital Democracy Project (D3P) at Harvard Kennedy School's Belfer Center for Science and International Affairs - co-chaired by the former campaign managers for Mitt Romney and Hillary Clinton and the former Defense Department chief of staff during the Obama Administration - published "The State and Local Election Cybersecurity Playbook," "The Election Cyber Incident Communications Coordination Guide," and "The Election Incident Communications Plan Template." 

D3P's recommendations cover paper trails, audit practices, multi-factor authentication, access controls, log management, vendor agreements, end user training, incident response, and communications plans, in addition to details about the specific threats affecting voting systems, from the hardware to registration databases.

For more information, see the Associated Press and D3P.  

Recommended Reading: