TMCnet News

CIS Publishes Handbook to Help Secure U.S. Elections Infrastructure
[March 19, 2018]



EAST GREENBUSH, N.Y., March 19, 2018 /PRNewswire/ -- At a launch event held on March 15, 2018 at the University of Maryland's School of Public Policy, non-profit CIS® (Center for Internet Security, Inc.) – in collaboration with federal agencies, state and local officials, vendors, academia, and other nonprofit organizations – announced the publication of A Handbook for Elections Infrastructure Security, to help elections officials and their technical support teams defend the systems and networks vital to our functioning democracy.

"The elections officials' work to date has yielded a great deal of success protecting elections, but as threats evolve, continuous efforts are needed to make elections systems even more secure," said John Gilligan, CIS' Executive Chairman. "CIS' new handbook details best practices that are proven to lower risk for IT systems. In most cases, elections systems will have already implemented many of these best practices. Also, the handbook will permit officials to identify and prioritize future work as well as to effectively allocate scarce resources," he added.

Numerous distinguished elections officials were in attendance at the UMD event, including Connie Lawson, President of the National Association of Secretaries of State, and Indiana Secretary of State; Robert Kolasky, Department of Homeland Security's Acting Deputy Under Secretary for the National Protection and Programs Directorate; Amy Cohen, Executive Director, National Association of State Elections Directors; Matt Masterson, Commissioner, U.S. Elections Assistance Commission; Thomas Connolly, Dir. of Election Operations, New York State Board of Elections; and Dr. Robert C. Orr, Dean, University of Maryland School of Public Policy.

About the Handbook
Presenting at the launch event was Dr. Mike Garcia, who has held positions at DHS and NIST and was the primary author on A Handbook for Elections Infrastructure Security, who adds, "The elections community has been working for decades to protect elections, but more recent cybersecurity threats present challenges. This handbook provides a bridge between non-technical and technical information to help organizations prioritize efforts and maximize the impact of investments."

CIS' A Handbook for Elections Infrastructure Security has benefitted from extensive advice and numerous best practice examples from elections directors as well as state and local government technical experts.

A Handbook for Elections Infrastructure Security:

  • Includes details on 88 best practices
  • Identifies high and medium priority for those best practices
  • Addresses the different ways aspects of elections systems are connected to each other and the internet
  • Addresses auditing, incident response planning and response, and contracting for services



Key Findings
In writing and developing this handbook, CIS verified that many elections organizations are highly focused on improving their infrastructure security and have a better security posture than commonly reflected in today's media reporting. While these organizations work to protect the whole of the elections process, there has been a substantial focus on voting systems – the actual vote capture or vote aggregation systems – and less on networked components like voter registration and election night reporting. All efforts to protect elections systems are extremely important, but CIS and its collaborators saw value in addressing the full set of risks impacting elections infrastructure in a holistic way.

The handbook reflects the reality that the most significant risks to voting infrastructure affect those components with network connections. Examples include many voting registration systems and election night reporting systems, both of which may carry substantial cybersecurity risks. These attacks can cause disruptions in the elections process and lead to a loss of public confidence in the integrity of the voting process. On the other hand, these risks are similar to those in other sectors with networked systems, and well-known mitigations exist.


A Handbook for Elections Infrastructure Security directly addresses these risks and challenges with actionable guidance to improve the security of state and local elections infrastructures by providing a set of best practices and controls to lower risk for IT systems.

Announcement of the Elections Infrastructure ISAC
Robert Kolasky from DHS also used the University of Maryland event to announce the establishment of an Elections Infrastructure Information Sharing and Analysis Center (ISAC). ISACs help member organizations collect, analyze, and disseminate threat data and provide the tools, resources, and guidance to address or remediate those threats. CIS has been tasked by DHS with establishing the Elections Infrastructure ISAC building on its ten-plus year experience in operating the Multi-State Information Sharing and Analysis Center® (MS-ISAC®). The new Elections Infrastructure-ISAC will serve the over 8,800 U.S. state and local elections jurisdictions providing early warnings of cyber system threats, security vulnerability and incident information sharing, and remote security monitoring, as well as education and training opportunities. Adds Gilligan, Chairman of CIS, "The Elections Infrastructure ISAC will significantly improve communications with and among the elections community as well as enhance the cyber defense tools and capabilities available to protect elections systems."

Moving forward
CIS and its collaboration partners have meetings with U.S. government and elections officials to distribute the handbook. A Handbook for Elections Infrastructure Security, as well as an implementation worksheet of the Best Practices to employ, are available free of charge at https://www.cisecurity.org/elections-resources/. A tool that can be used with the handbook to assess elections systems will be available to elections organizations in the next few weeks.

CIS and the MS-ISAC offer a number of services, tools, and resources to U.S. State, Local, Tribal, and Territorial (SLTT) entities, which includes state and local elections organizations. Many of these services are available as part of the free MS-ISAC Membership for U.S. SLTTs. Federal, state and National Guard resources may also be available to help U.S. election systems. U.S. SLTT and elections organizations should join MS-ISAC free of charge at https://learn.cisecurity.org/ms-isac-registration, and local elections officials are encouraged to join the Elections Infrastructure ISAC by visiting https://learn.cisecurity.org/ei-isac-registration.

About CIS
CIS (Center for Internet Security, Inc.) is a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats. Our CIS Controls™ and CIS Benchmarks™ are the global standard and recognized best practices for securing IT systems and data against the most pervasive attacks. These proven guidelines are continuously refined and verified by a volunteer, global community of experienced IT professionals. CIS is home to the Multi-State Information Sharing and Analysis Center® (MS-ISAC®), the go-to resource for cyber threat prevention, protection, response, and recovery for U.S. SLTT government entities. To learn more, visit CISecurity.org or follow us on Twitter: @CISecurity.

Contact: Barbara Ware
[email protected]
518-526-4525

 

 

View original content with multimedia: http://www.prnewswire.com/news-releases/cis-publishes-handbook-to-help-secure-us-elections-infrastructure-300615573.html

SOURCE CIS

