How Sacramento County connects and protects new vote centers
- By Estee Woods
- Nov 18, 2019
When new state voting laws go into effect, it can spell sudden change for local counties and officials required to support them. Fortunately, innovative IT organizations implementing new equipment and secure network connectivity offer a way to modernize voting.
After California's Voter’s Choice Act -- a law intended to create more convenience and flexibility for voters -- went into effect, the Sacramento County Elections Office needed to quickly transition from a traditional precinct voting model to a vote-by-mail and vote center model. The new approach aimed to get more people out to vote at dozens of new locations, where their identities would have to be securely checked with the county's central registration database.
At the same time, the Sacramento County Elections Office determined its voting equipment was aging and was concerned that mechanical failures and security risks could affect upcoming elections. Officials decided to modernize the county's equipment at the same time the voting model was changing -- but required swift action with elections just months away.
Sacramento County's IT team was tasked with opening 80 new voting centers, many of which would not have any IT staff onsite. All 80 sites required fast, pervasive pop-up networks with secure connectivity that could access the central voter registration databases and keep sensitive ballot data and citizen information safe. The new equipment would arrive just two months before Election Day, creating a very short timeline to deploy the new equipment and build a secure and reliable voting center network.
Fast, reliable and secure
It was clear the elections office needed reliable technology that could be implemented securely within a tight timeframe. It settled on branch network technology that included cloud management, end-to-end network security and a wireless edge router with dual LTE modems to deploy in the 80-plus voting centers throughout Sacramento County. The IT team was able to configure all the devices from a centralized location in about 15 minutes, including a site-to-site VPN connection back to its data center.
“A big milestone for the Sacramento County Elections Office will be the 2020 primary next year,” said Kurt Scheuerman, manager of Information Technology for Sacramento County. “Our goal is to ensure constant connectivity across multiple wireless carriers. We’ll use the LTE-optimized software-defined WAN functionality to automatically determine the best connection path across different carriers for maximum performance and uptime with the ability to switch traffic from one carrier to the other -- which occurs in mere seconds if required," he said. "Also, both modems can be active at the same time, allowing for more bandwidth.”
Multiple layers are better than one
With voter data safety and privacy of utmost concern, the Sacramento County Elections Office built a layered security approach that ensures complete isolation from the internet and prevents rogue access at the voting center. This includes:
- Secure, multicarrier cellular network connections.
- Secure, traffic steerable overlay networks,
- Site-based access control.
- Centralized monitoring.
From a cellular perspective, there are two potential configurations depending on the carrier provisioning. With a private Access Point Name (APN), a private connection is deployed across the carrier networks using private (RFC 1918) IP addresses. This configuration prevents the access gateway from being exposed to the internet. However, it is dependent on proper configuration by the carrier and introduces an additional point of failure. The alternative configuration is to use the access gateway directly connected to the internet and leverage the configuration portal to seamlessly and consistently deploy a firewall policy to prevent unauthorized access. Both configurations leverage another layer of security through encrypted private IP-VPN overlays connecting each wireless edge router to the data center and routing that blocks the possibility of direct internet access.
To prevent physical intrusions, such as someone plugging a PC into an open Ethernet port on the edge router, an access control layer within the edge firewall blocks any unsanctioned traffic flowing from the LAN to the WAN. The final layer is real-time monitoring of the LAN, WAN and security functions.
Deployed in days, not months
The voting centers needed to be up and running securely for 11 days without technical staff onsite. With the new technology, the Sacramento County Elections Office can remotely assess the signal performance of wireless connections at each voting center, and if needed, send out a new antenna to enable stronger reception or switch to a different carrier on that modem.
With the new voting center model, anyone in the county might show up at a voting center. Now, county elections staff quickly and securely access centralized electronic poll books and other election systems to look up voters and determine if they have already voted and what kind of ballot they should receive.
For Sacramento County and other counties across California that are adopting the new voting-center model, choosing a flexible branch network solution with integrated cloud management, wired and multicarrier wireless connectivity along with multilayer edge security is a great approach.
Fast, secure and reliable connectivity -- with remote visibility and management – gives agencies the ability to respond quickly with fewer resources. This provides the peace of mind needed for a successful outcome. Now, the Sacramento County Elections Office is ready for the run up to the 2020 presidential elections.
Estee Woods is director of public sector & public safety marketing at Cradlepoint.