NuHarbor Security
  • Solutions
    Solutions
    Custom cybersecurity solutions that meet you where you are.
    • Overview
    • Our Approach
    • Data Icon Resources
    • Consultation Icon Consult with an expert
    • By Business Need
      • Identify Gaps in My Cybersecurity Plan
      • Detect and Respond to Threats in My Environment
      • Fulfill Compliance Assessments and Requirements
      • Verify Security With Expert-Led Testing
      • Manage Complex Cybersecurity Technologies
      • Security Monitoring With Splunk
    • By Industry
      • State & Local Government
      • Higher Education
      • Federal
      • Finance
      • Healthcare
      • Insurance
    Report 2023-2024 SLED Cybersecurity Priorities Report
    2023-2024 SLED Cybersecurity Priorities Report
    Read Report
  • Services
    Services
    Outcomes you want from a team of experts you can trust.
    • Overview
    • Data Icon Resources
    • Consultation Icon Consult with an expert
    • Security Testing
      • Penetration Testing
      • Application Penetration Testing
      • Vulnerability Scanning
      • Wireless Penetration Testing
      • Internal Penetration Testing
      • External Penetration Testing
    • Assessment & Compliance
      • CMMC Compliance
      • NIST 800-53
      • HIPAA Security Standards
      • ISO 27001
      • MARS-E Security Standards
      • New York Cybersecurity (23 NYCRR 500)
      • Payment Card Industry (PCI)
    • Advisory & Planning
      • Security Strategy
      • Incident Response Planning
      • Security Program Reviews
      • Security Risk Assessments
      • Virtual CISO
      • Policy Review
    • Managed Services
      • Curated Threat Intelligence
      • Managed Detection and Response (MDR)
      • Sentinel Managed Extended Detection and Response (MXDR)
      • SOC as a Service
      • Splunk Managed Services
      • Tenable Managed Services
      • Vendor Security Assessments
      • Vulnerability Management
      • Zscaler Support Services
    Report 2023-2024 SLED Cybersecurity Priorities Report
    2023-2024 SLED Cybersecurity Priorities Report
    Read Report
  • Partners
  • Resources
    Resources
    Explore reports, webinars, case studies, and more.
    • Browse Resources
    • Consultation Icon Consult with an expert
    • Blog icon Blog
    • Podcast icon Podcast
    • Annual SLED CPR icon Annual SLED CPR
    • Downloadable Assets icon Downloadable Assets
    Report 2023-2024 SLED Cybersecurity Priorities Report
    2023-2024 SLED Cybersecurity Priorities Report
    Read Report
  • Company
    Company
    We do cybersecurity differently – the right way.
    • Overview
    • Data Icon Resources
    • Consultation Icon Consult with an expert
    • Leadership
    • News
    • Careers
    • Contact
    Report 2023-2024 SLED Cybersecurity Priorities Report
    2023-2024 SLED Cybersecurity Priorities Report
    Read Report
  • Consult with an expert
  • Client support
  • Careers
  • Contact
1.800.917.5719
NuHarbor Security Blog
    • Compliance
    • Cybersecurity Technology
    • Security Operations
    • Industry Insights
    • Security Testing
    • Advisory and Planning
    • Application Security
    • Managed Detection and Response
    • Threat Intelligence
    • NuHarbor
    • Managed Services
    • Cyber Talent
November 2, 2023

Safeguarding Democracy: The Role of Data Security in Elections

Justin Fimlaid Justin Fimlaid

In a time of growing political polarization, election results hold the power to alter policies, programs, laws, and in some cases, the trajectory of our lives. The stakes have never been higher.  Jim Condos, the former Secretary of State in Vermont, sees it this way, "Your vote is your voice, and what we're all looking for is a free, fair, and accurate election process." 

In this blog, we look at the challenge of achieving secure elections.  “It’s a race with no finish line. Cybersecurity is ongoing; it never ends. What you see today is going to be different tomorrow,” says Condos.   

Election tech ecosystem

Election security involves a multitude of complex systems, including website hosting, electronic voter registration, paper ballots, mail-in voting, early voting, and voting tabulators. These systems have evolved, bringing both convenience and complexity to the electoral process.

In the modern electoral landscape, technology, algorithms, polls, and the challenge of disinformation all wield significant influence. Casting a vote isn't simply about turning up at the polling station; it's about the intricate web of data and technology that shapes voters' choices on the ballot, and the systems in place to get that vote tabulated and reflected in the results. 

Technology can unlock voter access, or obstruct it

On one hand, technology enhances voter engagement, providing crucial information about polling locations, hours, deadlines, and drop-off locations. On the other, it can influence voters with misinformation about candidates and issues, thanks to online algorithms shaping what we see. The internet is where people go for information, and finding ways to safeguard the integrity of that data is the challenge.

In a climate where sensational content is rewarded by clicks and views, and with the absence of legislation against false information, it becomes the voter’s burden to discern fact from fiction.

Protecting the systems around the vote 

Election security encompasses a multitude of intricate systems, from website hosting to electronic voter registration and paper ballot tabulators, all demanding stringent security measures. Regular testing, monitoring, intrusion detection systems, firewalls, and data backups are some of the essentials to maintain the integrity of these systems. 

Jim Condos highlights the significance of preventative measures, recommending daily backups to minimize data loss in the event of an attack. “In 2016, the Russians learned they couldn't change votes, but they could tamper with voter registration data. Having a daily backup kept us on top of any unusual changes.” He also shared a best practice for cross-referencing paper ballots in a post-election audit. “Every single vote has a paper ballot to match it and this provides an extra layer of security.”

Watch an on-demand recording on election security practices here.

 

Communication and incident response 

Clear communication and well-defined incident response procedures are crucial. In the case of results reporting, if third-party software providers are involved, they should be included in incident response plans. Collaboration between state and local election districts is also key. Having Standard Operating Procedures (SOPs) in place ensures everyone knows how to respond when an incident occurs. 

When Condos saw Russian attempts to infiltrate his system, he went right to CISA and within the hour an alert went out to all 50 states to look for similar attacks. Keeping national organizations like the Cybersecurity and Infrastructure Security Agency (CISA) in the loop helps keep attacks from spreading. Attack attempts should be reported to the Federal Election Commission (FEC), social media platforms, news outlets, and local election officials. 

Election security is a shared responsibility

Government Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) play pivotal roles in creating and maintaining a secure election environment. Their responsibilities include risk assessment, cybersecurity training, regular security audits, disaster recovery planning, and fostering collaboration with various stakeholders.

But safeguarding election data is a shared responsibility, encompassing election officials, government CIOs, CISOs, and the public. Often, voter data comes from other agencies such as the Department of Motor Vehicles or the Department of Transportation. Protecting voter information may need to include a whole state government approach. By implementing robust cybersecurity measures, maintaining transparent processes, and implementing voter verification protocols, we can ensure that every vote contributes to a secure and resilient democracy. Finally, report misinformation when you find it to stop the spread.

Resources you can use 

The protection of election data has become more critical than ever, given the weight of what an election result can mean for a community or country. If you’re looking for a confidence boost in your methods for securing election technology, review these resources:

NIST Guidelines: The National Institute of Standards and Technology (NIST) released guidelines for a roadmap to help election officials prepare for cyber threats during elections. You can check out these best practices here.  

CISA Cybersecurity Toolkit: The Cybersecurity and Infrastructure Security Agency (CISA) has compiled a toolkit to help state and local government officials, election officials, and vendors enhance the cybersecurity and cyber resilience of U.S. election infrastructure.

Assess your Risk: Use tools like the Election Security Risk Profile Tool developed by CISA and the U.S. Election Assistance Commission (EAC).

DHS's Multi-State Information Sharing and Analysis Center (MS-ISAC): MS-ISAC offers cybersecurity resources, including free security awareness materials and guidelines specifically tailored for state and local governments.

Advice to share with voters

Make sure your constituents know that not all news stories are from credible sources. A tip for people seeking election information online or in social media feeds, is to take a quick look at the domain linked to the story. For example, if the URL ends in .ru (Russia) or .cn (China) but the story is about an election or event that’s not happening in Russia or China, exercise healthy skepticism as these domains often represent less sophisticated actors.

It's also crucial for media consumers to know how to distinguish between opinion pieces and factual reporting so they are aware when they are reading biased information. Opinion pieces typically adopt a first-person perspective and may feature "op-ed" in the heading.

We encourage security leaders and their constituents alike to explore free cybersecurity training resources to know when they’re hit with misinformation or worse, phishing emails around campaign donation requests. Numerous reputable organizations and online platforms offer comprehensive cybersecurity courses. One such example is Cybrary, a platform renowned for its collection of free courses and resources on a wide array of security-related topics.

NuHarbor is the go-to partner for state and local election security. Schedule a free consultation with a member of our team for guidance through election day and every other day of the year.  

Included Topics

  • Industry Insights
Justin Fimlaid
Justin Fimlaid

Justin (he/him) is the founder and CEO of NuHarbor Security, where he continues to advance modern integrated cybersecurity services. He has over 20 years of cybersecurity experience, much of it earned while leading security efforts for multinational corporations, most recently serving as global CISO at Keurig Green Mountain Coffee. Justin serves multiple local organizations in the public interest, including his board membership at Champlain College.

Related Posts

Industry Insights 5 min read
The Center of Security Operations Is Your Data, Not Your SOC
Read More
Compliance 3 min read
10 Application Security Authentication Requirements Read More
Cybersecurity Technology 3 min read
What's the Difference Between Splunk Enterprise Security and Security Essentials? Read More

Subscribe via Email

Subscribe to our blog to get insights sent directly to your inbox.

Subscribe Here!

Latest Pwned episodes

Episode 200 - Reflections of Pwned...Until Next Time
April 03, 2024
Episode 200 - Reflections of Pwned...Until Next Time
Listen Now
Episode 199 - When a BlackCat Crosses Your Path...
March 21, 2024
Episode 199 - When a BlackCat Crosses Your Path...
Listen Now
Episode 198 - Heard it Through the Grapevine - Beyond the Beltway, 2024
March 08, 2024
Episode 198 - Heard it Through the Grapevine - Beyond the Beltway, 2024
Listen Now
NuHarbor Security logo
NuHarbor Security

553 Roosevelt Highway
Colchester, VT 05446

1.800.917.5719

  • Solutions
  • Services
  • Partners
  • Resources
  • Company
  • Contact
  • Privacy Policy
Connect
  • Twitter
  • Linkedin
  • YouTube
©2025 NuHarbor Security. All rights reserved.