Elections and election-related security continue to be an issue in the United States and should remain a focus for all state and local governments.
As seen by the recent issues with the Iowa caucuses and the app that was supposed to collect and transmit results, any election-related application, system or protocol should be thoroughly tested for both security and performance. Snags in the process have also raised questions about the app’s security.
Security and testing remain critical elements of preparedness
The integrity and security of applications such as those deployed in Iowa are fundamental to the underlying integrity of elections and related results. Both governments and businesses that support governments should be highly focused and vigilant with respect to the performance and security of such applications.
Governments should decide how to handle data
In addition to cybersecurity, governments should have policies and procedures with respect to data governance and how data is handled. As governments continue to both collect and actually create data, how this data is handled will be considered a fundamental obligation for governments. This obligation, while very complex, falls into several steps.
- First, understand what data is being handled and created. After that, determine the required level of privacy and security for such data.
- Next, an assessment can be undertaken to ensure that the policies, procedures and protocols in place are sufficient to protect all data, whether at rest or in transit.
- Lastly, all governments need to continuously monitor their systems and data to ensure their integrity. The threat landscape is constantly changing and how data is protected should also continuously evolve.
Sample standards for state and local governments
The U.S. Department of Defense (DoD) recently released version 1.0 of the Cybersecurity Maturity Model Certification (CMMC). While only applicable at the current time to suppliers and contractors in the DoD supply chain, CMMC, which is based on the NIST 800-171 cybersecurity standards, provides some good cybersecurity guidelines for state and local governments.
While the miscues in the Iowa caucuses are front and center in the national news, all elections and election-related activities, no matter how big or small, should be top of mind for all governments and governmental agencies.