Election Security Spotlight – How Is Election Security Done?

An Overview of the Essential Guide to Election Security

The Essential Guide to Election Security (Essential Guide) was written with election officials in mind to provide guidance on the most recent threats and technologies impacting the elections community. It is relevant to the latest technology used by the election offices and the threats facing them, and it is available for export as a PDF on demand. As a web-based tool, updates can be made quickly to include best practices to meet the ever-changing threats in the environment.

The Center for Internet Security (CIS) has released the Essential Guide to Election Security to replace its March 2018 publication, A Handbook for Election Infrastructure Security (Handbook), after nearly five years of steady service.

Why It Matters

Making a plan for improving your security is hard. The Essential Guide to Election Security takes away most of that guesswork. It has three characteristics that the Handbook did not, and we think this greatly improves its usability for the community. These characteristics are:

  1. Prioritizing best practices based on data from attacks that have occurred in the real world including physical security threats, intimidation, and doxing.
  2. Including a maturity model so everyone from beginners to experts can find guidance that fits their jurisdiction’s needs. The Essential Guide gives election officials different paths of implementation for any given best practice based on their capabilities and resources.
  3. Providing more dynamic guidance with many more links to tools (many of which are free) and other helpful information to get more secure outcomes faster.

What You Can Do

Use the Essential Guide to chart a path to better security!

Part of the Essential Guide is to prioritize the cyber defenses that are most effective based on real-world data.

Those with limited resources and technical capabilities are generally at Level 1 maturity and should start by completing the Level 1 Worksheets. They cover:

  1. Inventories
    1. Enterprise Assets
    2. Software Assets
    3. Service Providers
    4. Accounts
    5. Data
  2. Asset Protection
  3. Account Security
  4. Backups
  5. Incident Response
  6. Education and Training

Those with more resources and capabilities will be at Level 2 or Level 3 and should start with the Level 2 and Level 3 priorities.

Where to find it

For more information please check out the The Essential Guide to Election Security!