Image

Image

The Iowa Caucuses
First up in the primary season is a (some would say) antiquated process that isn’t really a primary at all but rather something called a caucus. We’re all familiar with a typical primary. You go to the polls and vote like a sane human being. A caucus is a cat of a different flavor. Before voting, those who want to make their voice heard gather around the state in a series of smallish precinct meetings (there are 1,700+) and try to come to a conclusion on which candidate each precinct supports.Image

Los Angeles Gives it a Whirl
Prior to the 2020 primary, Los Angeles County, the most populous county in the nation with more voters than 42 states, relied on an antiquated paper voting system straight out of the 1960s. Literally. It was deployed in the 1960s. This election would be the coming-out party for a $300 million new system that had been 10 years in the making. What could possibly go wrong? In this case, the system worked fine, but the process was completely unprepared to handle the number of people who wanted to vote. There were pinch points along the way. Specific problems such as long lines and too few Spanish-speaking election workers contributed to a situation where some voters queued for as long as three hours to make it to the front of the line. The actual voting process went well, and in the opinion of many, it was a vast improvement over the old system. Don’t be surprised if this process becomes a state and national model minus the screwups. Were there security concerns? Of course. There will always be security concerns. While some new voting systems are connected to the internet, popular cybersecurity software like VPNs don’t provide ironclad protection since there are still unaddressed vulnerabilities at a network’s endpoints. The good news is that the LA County election machines are not connected and thus, unlike the app used in Iowa, harder to hack.Image

The Future of Elections
From a quick review of the recent Iowa and Los Angeles primary elections, it’s obvious that there are a few areas that need greater focus going forward. The first is simply the logistics of resolving election day pinch points so everything flows smoothly. Second is to have a system ready way ahead of time (LA did this, Iowa didn’t) to permit a thorough testing period. Lastly, and perhaps most importantly, is to have adequate security measures, both physical and cybersecurity. You need to be able to prevent the possibility that election officials could tinker with votes as well as keeping out any hackers in the mood to cause a little chaos. While we’re still in the early phases of figuring out the best way to secure elections, here are some areas where the effort will focus.Partnerships
Securing elections effectively shouldn’t be left to state or local governments alone. The federal government and private companies need to be part of the process, as well. It’s the only way we can ever secure the entire election infrastructure, which is more complex than some might realize and includes:- Voter registration databases
- Necessary IT systems to manage counting, auditing, and displaying results, as well as post-election certification and validation
- Voting systems and support infrastructure
- Storage facilities for voting machines
- Polling location security, including early voting
Security Strategy
When it comes to the actual security strategies involved, the software, apps, utilities, and methods are no big secret. They are used by security experts around the world every day and include:- Cybersecurity Advisors/Security Advisors: Experts should be available at every level (federal, state, local, private) to provide on-demand advice and assistance with cyber and physical threats.
- Cybersecurity Assessments: These would include, but aren’t limited to, cyber hygiene scanning, risk, and vulnerability assessment and cyber resilience reviews. Detection and Prevention: Implementation of cutting edge software for threat detection and elimination.
- Incident Response: In the event of a breach, the response should be pre-planned, thorough, and immediate.
- Ongoing Cybersecurity Training and Education: This should likely come from the federal government.
Final Thoughts
For those who think elections can ever be completely and utterly secured, you’re deluded. That reality is no more likely than achieving peace on earth. But that doesn’t mean you shouldn’t try and can’t make progress. The battle between hackers and cybersecurity experts will never end because there are smart, creative warriors on both sides. As soon as one side deploys a new strategy, the other side makes a move to even it up. Attackers will always have a slight advantage over defenders, but that’s life. Let’s raise a slice of toast to fair elections! Everyone should be in favor of that.Image
