Part 5: Beyond Procurement
Most election officials aren’t experts in cybersecurity. Fortunately, most states have developed approaches to assist election officials that are not as proficient in securing election technology and infrastructure.5 Additionally, organizations like CIS, Harvard’s Belfer Center, and the Department of Homeland Security’s Election Infrastructure Subsector Government Coordinating Council (EIS-GCC) produce resources that can help with these cybersecurity decisions.
Following the recommendations in this guide will improve security outcomes in your procurements. Still, you must also have processes in place that will maintain the assurance you gained in the procurement process. Here’s a simple example: you need USB sticks to program your voting machines. You follow all the appropriate recommendations for making such a hardware procurement, and from that perspective you’ve done everything right. But how you manage those USB sticks from the time you sign off on the package until you’ve put them in your election management system and subsequently into each voting machine will impact your outcomes as much as the initial purchase.
For this reason, your overall IT security approach must combine quality procurement practices with operational security, such as by coupling this guide with the CIS resource, A Handbook for Elections Infrastructure Security.
Information Hub : Elections Resources
Media mention • 24 Feb 2020
Media mention • 20 Feb 2020
Media mention • 13 Feb 2020
Blog post • 13 Feb 2020