Q: Election security has been a priority issue for several years now, including the security of voting devices as well as back-end management systems. How has this conversation evolved as a result of the disruptions over the past year and a half?
In a way, the election management industry has been concerned about cybersecurity for years and has been working diligently on it. I think what happened after the last presidential election is that other election-related industries and the general public are thinking more about election cybersecurity. In the field of election management, people know that the most likely weaknesses are phishing attacks through email or something that happens when someone makes a mistake. I think these things have been brought to the fore, and it has created a higher level of fitness and a better posture of security among the providers, partners and even the insurance providers that we deal with. It’s like everyone has suddenly gotten into shape to run the marathon we’ve been running for a while. Overall, this will lead to greater resilience.
Q: What are the best practices people can adopt to stay safe?
Many people now work in a hybrid or remote work environment, where they are not behind a firewall. They just have to think about security. There should be some basic training, a boot camp that everyone has to go through to learn the basics. Users must have very strong passwords and rotate them whether or not the systems they are on require it. They should basically treat every system as if it had a one month password expiration. Additionally, they should be careful about what they reveal about themselves on social media, how they respond or forward emails, and how they handle inside information. People need to be more diligent in identifying suspicious emails. Those who work remotely should have a workspace separate from family life. Overall, people should be careful about the information they reveal. A healthy healthy dose of paranoia will help us here.
Q: How can teams strengthen cybersecurity for elections in remote and hybrid work environments?
In the past, organizations performed self-assessments and created a number of policies on how to deal with equipment, incident management, etc. They wrote those 300-page Word documents and then got a third-party audit of the ongoing process. The bar has been raised and listeners want to see more details. So a recent trend that we are seeing is the emergence of compliance as code, infrastructure as code, policies as code. The basic idea is that your policy documents are less static and that they are processed and managed with the change control processes used by software developers. It’s ultimately more fluid and transparent.
Q: What should states and communities keep in mind when approaching cybersecurity recruiting?
It has always been competitive. And sometimes it’s hard to hire someone with a specific specialty, with the right culture. I think government entities should present themselves as organizations that care about the public and where people can actually work on something that is going to help society or maintain peace and order. Government institutions need to realize that they really have a competitive advantage in attracting people.
EasyVote Solutions provides software applications that streamline the processes behind holding successful elections. Our mission is to use technology to modernize the electoral process. EasyVote customers are city, county, and state election offices currently located in more than 20 states across the United States. Our customers find the EasyVote election management platform to excel in the following areas: reducing the time it takes to complete election tasks; improving communication and accuracy between election officials and workers; and provide data, enabling election officials to make intelligent and informed decisions.