This is a summary of an article written for Government Technology by Jim Richberg, Field CISO at Fortinet focused on the U.S. public sector. The entire article can be accessed here.
Compared to other significant IT issues, election security poses unique challenges given the importance of public confidence in electoral integrity. Voter behavior is changing to adapt to new challenges brought on by COVID-19, which has put additional strain on existing election systems. Additionally, the pandemic has had an enormous impact on state and local government revenue and resources, and the increased demand for absentee/mail-in voting has led to increased costs, complexity, and heightened security risk.
Elections are essential services that must be provided despite budget restrictions, and the process will need to be secured regardless of the resources available. Election officials have a responsibility to ensure that all registered voters are able to cast their ballot, in addition to reporting election outcomes quickly and accurately. To meet these demands, election offices today typically rely on computerized systems and software to facilitate various aspects of running an election and voter registration. While these solutions can help streamline the process, they can also create opportunities for sophisticated adversaries attempting to disrupt or alter the outcome of an election.
To address this risk, election officials must determine whether their election systems – which include various hardware, software, networks, and business processes – will be able to secure a dramatic surge in mail-in voting. If existing systems need to be updated, what steps can IT and election officials take to accommodate the changes without compromising affordability or security?
Given that an increasing number of states have adopted voting by mail as their default option, and others have made it available on request, more voters are eligible for mail-in voting than ever before. A mail-in voting operation of this size is an involved process that requires the use of dedicated direct mail fulfillment centers for sending outgoing ballots, as well as facilities in each jurisdiction for processing, tracking, and storing returned ballots securely.
To generate timely and accurate results, new automated equipment and software may be required depending on the volume of mail-in ballots. These updated tools can also assist with the critical process of “signature curing,” which involves comparing signatures found on the inner envelope to other authenticated signatures on file.
The nationwide increase in mail-in voting capabilities is expected to cost a minimum of $2 billion, and local governments will be expected to bear most of these costs, despite recent cuts to their budgets due to COVID-19.
For states that only require a ballot to be postmarked and in transit by Election Day, the increase in mail-in voting puts a greater cost on real-time data de-confliction and reconciliation. Some voters may opt to cast in-person despite having requested an absentee ballot. Election systems should segregate these as provisional ballots, relying on the synchronization between a state’s voter registration database and local records of mail-in ballots returned to adjudicate whether the in-person ballot is a duplicate vote. Such provisional ballots must remain sealed and segregated while their eligibility to be counted is determined. Network and data synchronization will be crucial, and additional personal identifying data may be required in instances of problematic mail-in ballots.
Automation is expected to play an important role in election officials’ ability to successfully do more with less. Luckily, there are many innovative and well-established IT options that can help ease the strain brought on by the expansion of mail-in voting. For example, networking and productivity can be dramatically improved with secure cloud services and software-defined networking solutions such as SD-WAN and SD-Branch. The applications of these technologies extend beyond government election IT purposes; they are also cheaper, more flexible, and help to provide an enhanced user experience.
Those looking to improve efficiencies while working within a limited budget should look for dual-use or multipurpose IT solutions. A fully integrated technology solution, such as Secure SD-WAN, combines security and networking into a single technology solution. These options offer the best of both worlds, enabling high performance and the secure transmission and storage of critical election data. That said, some functions, like endpoint security or multifactor authentication, are primarily related to security applications. Another important step is to facilitate cybersecurity awareness training, as it adds an additional layer of security to help protect investments.
Election security is absolutely essential, and since you’re likely working with limited access to resources, it’s important to prioritize your security investments rather than attempting to address everything at once. The first step is to mitigate the risk and overall impact of non-recoverable errors such as missing ballots. Alternatively, issues such as a recount needed because of discrepancies in tallies is a recoverable error, assuming you have the underlying data to generate an accurate and repeatable count. The key to risk management is to balance resolvable but potentially, high-profile and reputation-damaging outcomes with those that have serious consequences and cannot be reversed.
Identifying the issues that warrant changes in procedure, technology, or location is another critical step. Ask yourself if your current system can handle a high volume of paper ballots, and whether new automated capabilities will be necessary for reporting results in a timely manner. Determine when it is more effective and cost-efficient to shift to a cloud-based solution rather than adding additional servers and bandwidth to the on-premises facilities’ current configuration.
Start by finding an experienced, trusted adviser with expertise in your core issues and technology who understands your environment and the available options. This needs to not be an individual, and in fact is likely to consist of a team of people who specialize in various areas, including those who know the local legal and regulatory requirements and election system technology, in addition to those having technical expertise in cybersecurity solutions.
While any election comes with budgetary constraints and challenges, this year has posed a wide range of unforeseen challenges related to the rise of mail-in voting as the budget crisis and public health concerns associated with COVID grow. Elections are a widely accepted as free and fair are fundamental to our identity as a nation, thus, failure is not an option. So as long as election officials at every level understand the factors they must face, they can make informed decisions about risk management and apply technology to ensure that a fair election can occur, even amid the challenges introduced by COVID-19.
Learn more about how state and local government cybersecurity helps protect digital assets and critical infrastructure against growing advanced threats.