voting scrutiny (Bakhtiar Zein/Shutterstock.com)

INDUSTRY INSIGHT

Could Colorado’s election security unit serve as a model for other states?

Colorado’s Secretary of State Jena Griswold recently announced that her administration would launch a Rapid Response Election Security Cyber Unit, or RESCU for short. The goal of the unit, composed of highly trained election security specialists, is to protect the state’s elections from cyberattacks and interference from nation states as well as respond to any issues that arise during the process. As the RESCU announcement put it, the unit is “charged with securing Colorado’s elections by assisting counties with their cybersecurity in the field and combating cybersecurity incursions and disinformation.”

Looking back at the 2016 elections, which were teeming with misinformation campaigns and confirmed Russian meddling, Colorado is taking a positive step toward ensuring greater election integrity. I believe other states should take note and consider a similar approach, especially as they face resource constraints as a result of the coronavirus pandemic.

Besides much publicized voting challenges -- from outdated, vulnerable voting machines, to mail-in ballots and the manipulation of social media to share misleading information -- voter registration databases could be the target of ransomware attacks in the run-up to the election, killing confidence in the outcome. These are tangible risks, and according to an article by Reuters, “the local governments that store and update voter registration data are typically ill-equipped to defend themselves against elite hackers.”

Even as congressional funds are available for states to replace outdated, vulnerable machines and lawmakers work to ensure reliable mail-in voting, we’re seeing a long term underinvestment from the federal government. There are a few exceptions, one being work funded by the Defense Advanced Research Projects Agency, which awarded $10 million to Oregon-based company Galois in March 2019 to create a new voting machine from the ground up. With the wider goal to building an open source model for developing secure and resilient hardware, this effort represents the kind of investment and activity the voting system badly needs, but as it stands, it is too little too late.

Mail-in ballots may be a reasonable, safe path forward in the short term, but longer term, a few things must happen. Existing machines must be replaced with more modern units that employ methods that allow the unit to be monitored when atypical or likely adversarial behavior occurs.

Government entities must also standardize and improve their email security posture. While the voting machines are only rolled out periodically, continuously used state and local email is often left unprotected. If local governments are compromised by an email phishing scam or malware, hackers could move laterally through their networks and gather sensitive information about the agency and citizens. This opens the door to bad actors spreading misinformation and manipulating voter registration data, potentially impacting election integrity. To prevent this type of attack, local governments should be running adaptive authentication, which uses behavior analytics to help detect the use of compromised credentials.

While Colorado’s effort to protect the integrity of the voting system will be judged after the election when we can see whether the state’s efforts have successfully modeled how to preserve voting integrity, its plan to fight cyber attacks and disinformation is a very positive step that we hope other states will follow.

About the Author

Stephen Moore is vice president and chief security strategist of Exabeam Inc.

Featured

  • Pierce County

    CARES dashboard ensures county spending delivers results

    The CARES Act Funding Outcomes Dashboard helps Pierce County, Wash., monitor funding and key performance indicators for public health emergency response, economic stabilization and recovery, community response and resilience, and essential government services.

  • smart city challenge

    AI-based traffic management improves mobility, saves fuel, cuts pollution

    Researchers are developing a dynamic feedback traffic signal control system that reduces corridor-level fuel consumption by 20% while maintaining a safe and efficient transportation environment.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.