New Guidance to Secure Election Management System Machines
Systems that aid in the process of election management are essential to maintaining order, efficiency, and fair and transparent democratic process.
Election management systems (EMS) help organizations such as the U.S. Electoral College plan, manage, and run elections on a state or local scale. An EMS handles many of the critical backend activities required to run an election. These can include building ballots, programming the election database, reporting results, and ballot tracking. EMSs are generally well protected and are typically fully isolated from the internet, factors which help mitigate many cyber risks. However, it's important to put special protections on the machines that, through removable media, exchange data with the EMS.
To support the integrity of elections and address feedback from the community, the Center for Internet Security (CIS) developed a new CIS Benchmark that offers added protection for EMS gateway machines, with special guidance to mitigate the risk of malware. CIS is pleased to announce the release of the CIS Microsoft Windows 10 EMS Gateway Benchmark. This new CIS Benchmark is a security-enhanced version of the Windows 10 Benchmark. It's tailored for deployment on Windows 10 machines with special security requirements because they are used to transfer data from a network or across the internet onto the removable media that crosses the air gap to the EMS.
This blog will explain what the CIS Benchmarks are, why they are important to the election community, and how they help defend against common threats.
What are the CIS Benchmarks?
CIS Benchmarks are configuration guidelines that help users secure operating systems, servers, cloud services and platforms, mobile devices, desktop software, and network devices against today's evolving cyber threats. Benchmarks are available at no cost in PDF formats, with additional file formats (XCCDF, Word, Excel, and more) available to CIS SecureSuite Members.
Although a number of factors have led the CIS Benchmarks to become trusted guidelines for a variety of industries, the way they're developed is also important. CIS leads communities of experts that drive the development and maintenance of the CIS Benchmarks. What's particularly notable about these communities is that they create the guidelines through a consensus-based process. Every community member can weigh in on the discussions and participate in the final release. This ensures the configuration recommendations go through a comprehensive vetting process. The CIS Microsoft Windows 10 EMS Gateway Benchmark was developed with the support of the Democracy Fund.
How are CIS Benchmarks Unique to Other Frameworks?
The CIS Benchmarks don’t just tell you what to configure; they tell you why you should do so. They provide extensive detail on each recommendation including a description, rationale, audit, impact, mapping to CIS Critical Security Controls, and more. The CIS Benchmarks are an actualization of the expertise from the communities that build them. You not only get access to the step-by-step instructions to securely configure your system, but also an understanding of how the settings can impact the usability of that specific technology.
The CIS Benchmarks also bring unique value to the cybersecurity community because they:
- Provide vendor-neutral, technology-specific recommendations
- Detail the necessary steps to securely configure a system
- Can help meet compliance to PCI DSS, FISMA, and more, and are recognized as an acceptable standard to help meet compliance with those standards
- Map to the CIS Controls
How the CIS Microsoft Windows 10 EMS Gateway Benchmark Helps Your Election Entity
To ensure this Benchmark addresses top concerns for election environments, we gathered requirements directly from the community, solicited feedback from a working group during the development process, and tested it both in the lab and within live election environments.
One of the top concerns for today's election officials is the rising threat of malware against election environments. This is why we included various recommendations in this Benchmark to prevent and reduce the impact of malware. For example, this Benchmark recommends:
"220.127.116.11.2 Ensure 'Allow Secure Boot for integrity validation' is set to 'Enabled.'"
Secure Boot ensures that only firmware that is digitally signed by authorized software publishers is loaded during computer startup, which reduces the risk of rootkits and other types of malware from gaining control of the system. It also helps provide protection against malicious users booting from an alternate operating system.
In addition to using a secure baseline configuration for Windows 10, some of the added security measures in this Benchmark include:
- Limitations on browser activity
- Limitations on Wi-Fi, cellular, and Bluetooth connectivity
- Allowlisting of IPs to limit external connections
- Allowlisting of removable media to prevent the use of unauthorized external devices
You can assess the implementation of this Benchmark and many others, with the automated content in the CIS Configuration Assessment Tool, CIS-CAT Pro. This tool is available through CIS SecureSuite Membership, which is offered at no cost to all Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC) members. The complex IT infrastructure of the election environment and the proliferation of threats against it, make careful management of machines all the more important.