Security

Why Securing Elections Requires a Little Bit of Zero-Trust

States should see election cybersecurity as a year-round effort and move toward zero-trust security models to shore up voting systems.

Herb Thompson

Herb Thompson, a state and local government and education strategist for VMware, worked in IT for over a decade for the state of Wisconsin, most recently serving as its deputy state CIO.

As the country digests the results of this year’s midterm elections, the concerns that were raised about the potential risk of cybersecurity threats to our voting systems remain. This year, Congress passed the Consolidated Appropriations Act of 2018 to make nearly $400 million available to the states to improve their administration of federal elections.

I’ve met with secretaries of state, state IT leaders and local government officials across the country who were intensely focused on how to use this assistance to shore up election systems cybersecurity.

Having served in state IT leadership for much of my career, I know how important it is to spend resources wisely and emphasize solutions that address the core issues of a challenge, versus simply applying a Band-Aid to solve it. Because our voting system is multifaceted, potential solutions to the election security challenge require a deeper focus on infrastructure. Even though the election is over, states should see election security as a year-round effort.

State-by-State Election Vulnerabilities Are Distinctly Similar

States are the architects and supervisors of their respective election systems, and they execute this important constituent service in varying ways. Some states vote exclusively by mail, while others rely exclusively on electronic voting machines. Other states have a combination of voting options available to constituents in different localities.

Regardless of how or when states collect votes, they use similar technology for voting infrastructure. Like other constituent services, state agencies store, manage and monitor voter identification data electronically.

States run websites which house voter resources, often including calendars and polling locations. Voter registration can be done electronically in many parts of the country or through agencies such as the state’s department of motor vehicles. Government employees who input new registrations by mail or paper still must process them using computers and networks.

This means the election system has many components that are vulnerable entry points. Most states are aware of these realities and are focused on three areas: reducing online election systems vulnerability, enhancing security for Election Day operations and providing cybersecurity training for employees.

That’s a good start, but we also have to remember that while states oversee their elections centrally, they rely heavily on local counties and municipalities to administer them. If, for example, local administrators are working on unsecured or untrusted devices or networks, or have their credentials stolen, then the system remains open to great risk.

Focusing on the system at the state level alone is not a security strategy that covers all aspects of local voter record administration. It’s important to have a comprehensive, risk-based security strategy that protects the physical locations and devices people use to vote on Election Day while securing the myriad components of the state and local election system year-round.

States Should Trust No One and Verify Everything

Traditional IT security models rely on an impermeable perimeter around data centers. However, today’s cybersecurity threats are too persistent and sophisticated for traditional countermeasures. Security experts now recommend implementing a next-generation security model, called zero trust, to preserve all layers of the IT infrastructure.

Least-privilege and zero-trust IT protocols allow governments to maintain credentialing for key systems. In the case of elections, critical parts of the voting system would be made available only to election administrators.

Least-privilege and zero-trust security protocols ensure that individuals and networks who don’t need (or aren’t authorized for) access to certain data or work applications won’t be able to access them. State election officials can require hard-line credentials for any election administrator or application to access the voting infrastructure, and that access would be limited to only the information or program needed to fulfill their role in overseeing the election.

Validating those credentials would not be as simple as flashing a badge. A series of validations would verify that the user is who they say they are, that their intended use is authorized and that they are allowed to take that action from the device they’re using and the location they’re attempting to use it in.

Zero-trust protocols underpin the entire voting infrastructure and must be built directly into the infrastructure to secure all user endpoints, as well as any critical data stored on-premises or in the cloud. They’re scalable — passed to mobile devices and applications and compatible with measures like multifactor authentication — allowing administrators to register voters or oversee poll locations. Microsegmentation builds scalable security perimeters into election networks, so everyone accessing information through them —whether state overseers or local administrators — do not pose unexpected risks to the full system.

End-to-end security systems with zero-trust models enhance cybersecurity readiness regardless of a state’s voting method or time frame. Zero-trust principles will protect the infrastructure in vote-by-mail states, such as Oregon and Washington, just as well as they do states reliant on voting machines, such as Nevada and Georgia, and they’ll maintain the integrity of our elections every day of the year — not just on Election Day.

lisafx/Getty Images