Error message
In order to filter by the "in queue" property, you need to add the Entityqueue: Queue relationship.-
County NewsWith National Cybersecurity Awareness Month upon us and only weeks away from the 2018 elections, county officials can’t help but wonder: “How secure is our election system?” And let’s face it, there’s far more at stake than simply deciding upon a winning candidate — trust in government is behind every ballot.Election security: Building trust at the ballot box
-
County News Article
Election security: Building trust at the ballot box
With National Cybersecurity Awareness Month upon us and only weeks away from the 2018 elections, county officials can’t help but wonder: “How secure is our election system?” And let’s face it, there’s far more at stake than simply deciding upon a winning candidate — trust in government is behind every ballot.
As widely reported, we know that cybercriminals tampered with the 2016 election. This has led to discussions about how to secure voting in districts across the country, especially as they increasingly transition to digital processes. Recognizing that voting procedures are set by each state, there is no blanket regulation that would improve upon voter security throughout the nation.
Learn More
Download the Center for Internet Security and Handbook
Join the EI-ISAC
This year, the Election Assistance Commission handed out $380 million dollars targeted for states to use as they see fit. Most will agree that this initial funding didn’t come close to addressing the real needs of local governments — especially counties, which do the heavy lifting when it comes to local elections.
There are more than 8,000 jurisdictions across the country responsible for the administration of elections.
Cyberattacks have dramatically escalated in the past 2.5 years and have become more sophisticated and harder to detect and not limited to elections either. Since elections are entwined with trust, this is what is getting everyone’s attention these days.
There is some good news to report, and that is the availability and publication of the Handbook for Elections Infrastructure Security published by the Department of Homeland Security (DHS). funded by the Center for Internet Security (CIS).
This is a great resource that every public official should download and read (it’s free) and the list of contributors and reviewers is reassuring.
The primary goal of this handbook is to help improve the security of elections infrastructure as soon as possible, and ideally in advance of the 2018 elections, and establish a set of best practices that, with continual updates, support elections infrastructure security into the future.
The folks at CIS expect many elections systems will already incorporate the majority of these mitigations, allowing those jurisdictions to demonstrate a strong baseline. In that case, the handbook can assist in prioritizing for continual improvement and evolution.
While there is always the temptation to look for easy templates and solutions, the handbook does not recommend any single approach to managing election systems or developing and deploying any particular election systems technology.
Instead it recommends that election jurisdictions tailor their voting processes and systems to the needs of their voters and jurisdictional laws and requirements.
Developing a risk assessment is the best place to start. Just a few years ago, most strategies were aimed at eliminating any cyberattack through hardware and software solution defenses. Today no technology professional can guarantee 100 percent safety and immunity from cyberattacks and intrusions. We have come to accept the new reality that we can only mitigate risk and develop remediation strategies if and when something happens. As the CIS Handbook points out, it all starts with a top-level assessment of vulnerabilities and potential consequences to the elections systems infrastructure and by identifying network connectivity — devices or systems that work with other devices or systems to achieve their objectives — as the major potential vulnerability.
The reason is simple: Given an adversary with sufficient time and resources, systems that can be accessed via a network cannot be fully protected against compromise. There are ways to improve the security of network connected systems with additional controls, but the inherent complexity of network connectivity results in significant residual vulnerabilities. As shown, election systems are linked one way or another to other systems and it is where the transfer of information can also lead to points of extra risk.
Of course, many counties are dealing with outdated or unproven technologies. To make matters worse, they lack the technical expertise or lack the resources to bring in outside experts. Such obstacles, while not to be ignored, should not be offered as a blanket excuse for not acting with the resources you do have access to. Aside from the obvious network integrity and communications issues, the handbook offers some useful insights into the following:
Eligibility for an individual to register to vote;
Voter identity verification, unless specifically about the accuracy and availability of voter registration rolls;
Security of campaigns or campaign information systems; and
The accuracy of information about candidates or issues, including those conveyed using social media.
For election systems, this involves establishing trust in users, devices, software and processes. Many systems are “composed” or built up from a variety of commercial and purpose-built parts, device and software connected via processes and user actions. The results in security decisions about trust are made across many components and brought together at a system level. In other cases, key election system components or services functions are contracted out. This does not change the security responsibility for decision-makers, but forces them to think about how the desired security properties can be specified in contract language and service specifications, rather than implemented directly. The last of the three sections focus on:
1. A set of critical risk-mitigating activities from which all organizations can benefit,
2. Recommendations for best practices in contracting for IT services, and
3. A set of best practices in the form of recommendations and controls for network connected and indirectly connected devices, as well as for transmission of information.
The handbook should be required reading for all election officials and can serve as the basis for in-house training or at the very least meaningful discussion among the various stakeholders.
Better yet, the CIS created the Elections Infrastructure-ISAC and membership is free. Once signed up, you will receive timely information about what is happening in localities across the nation.
Let’s vote for being better informed and active. Everyone will benefit in the midterm elections.
With National Cybersecurity Awareness Month upon us and only weeks away from the 2018 elections, county officials can’t help but wonder: “How secure is our election system?” And let’s face it, there’s far more at stake than simply deciding u2018-10-15County News Article2023-04-11
With National Cybersecurity Awareness Month upon us and only weeks away from the 2018 elections, county officials can’t help but wonder: “How secure is our election system?” And let’s face it, there’s far more at stake than simply deciding upon a winning candidate — trust in government is behind every ballot.
As widely reported, we know that cybercriminals tampered with the 2016 election. This has led to discussions about how to secure voting in districts across the country, especially as they increasingly transition to digital processes. Recognizing that voting procedures are set by each state, there is no blanket regulation that would improve upon voter security throughout the nation.
Learn More
This year, the Election Assistance Commission handed out $380 million dollars targeted for states to use as they see fit. Most will agree that this initial funding didn’t come close to addressing the real needs of local governments — especially counties, which do the heavy lifting when it comes to local elections.
There are more than 8,000 jurisdictions across the country responsible for the administration of elections.
Cyberattacks have dramatically escalated in the past 2.5 years and have become more sophisticated and harder to detect and not limited to elections either. Since elections are entwined with trust, this is what is getting everyone’s attention these days.
There is some good news to report, and that is the availability and publication of the Handbook for Elections Infrastructure Security published by the Department of Homeland Security (DHS). funded by the Center for Internet Security (CIS).
This is a great resource that every public official should download and read (it’s free) and the list of contributors and reviewers is reassuring.
The primary goal of this handbook is to help improve the security of elections infrastructure as soon as possible, and ideally in advance of the 2018 elections, and establish a set of best practices that, with continual updates, support elections infrastructure security into the future.
The folks at CIS expect many elections systems will already incorporate the majority of these mitigations, allowing those jurisdictions to demonstrate a strong baseline. In that case, the handbook can assist in prioritizing for continual improvement and evolution.
While there is always the temptation to look for easy templates and solutions, the handbook does not recommend any single approach to managing election systems or developing and deploying any particular election systems technology.
Instead it recommends that election jurisdictions tailor their voting processes and systems to the needs of their voters and jurisdictional laws and requirements.
Developing a risk assessment is the best place to start. Just a few years ago, most strategies were aimed at eliminating any cyberattack through hardware and software solution defenses. Today no technology professional can guarantee 100 percent safety and immunity from cyberattacks and intrusions. We have come to accept the new reality that we can only mitigate risk and develop remediation strategies if and when something happens. As the CIS Handbook points out, it all starts with a top-level assessment of vulnerabilities and potential consequences to the elections systems infrastructure and by identifying network connectivity — devices or systems that work with other devices or systems to achieve their objectives — as the major potential vulnerability.
The reason is simple: Given an adversary with sufficient time and resources, systems that can be accessed via a network cannot be fully protected against compromise. There are ways to improve the security of network connected systems with additional controls, but the inherent complexity of network connectivity results in significant residual vulnerabilities. As shown, election systems are linked one way or another to other systems and it is where the transfer of information can also lead to points of extra risk.
Of course, many counties are dealing with outdated or unproven technologies. To make matters worse, they lack the technical expertise or lack the resources to bring in outside experts. Such obstacles, while not to be ignored, should not be offered as a blanket excuse for not acting with the resources you do have access to. Aside from the obvious network integrity and communications issues, the handbook offers some useful insights into the following:
Eligibility for an individual to register to vote;
Voter identity verification, unless specifically about the accuracy and availability of voter registration rolls;
Security of campaigns or campaign information systems; and
The accuracy of information about candidates or issues, including those conveyed using social media.
For election systems, this involves establishing trust in users, devices, software and processes. Many systems are “composed” or built up from a variety of commercial and purpose-built parts, device and software connected via processes and user actions. The results in security decisions about trust are made across many components and brought together at a system level. In other cases, key election system components or services functions are contracted out. This does not change the security responsibility for decision-makers, but forces them to think about how the desired security properties can be specified in contract language and service specifications, rather than implemented directly. The last of the three sections focus on:
1. A set of critical risk-mitigating activities from which all organizations can benefit,
2. Recommendations for best practices in contracting for IT services, and
3. A set of best practices in the form of recommendations and controls for network connected and indirectly connected devices, as well as for transmission of information.
The handbook should be required reading for all election officials and can serve as the basis for in-house training or at the very least meaningful discussion among the various stakeholders.
Better yet, the CIS created the Elections Infrastructure-ISAC and membership is free. Once signed up, you will receive timely information about what is happening in localities across the nation.
Let’s vote for being better informed and active. Everyone will benefit in the midterm elections.

About Dr. Alan Shark (Full Bio)
Executive Director/CEO Public Technology Institute and Associate Professor, George Mason University Schar School of Policy and Government
Alan R. Shark is the executive director and CEO of Public Technology Institute (PTI).More from Dr. Alan Shark
-
Webinar
How Local Governments Can Stay Involved in NTIA’s BEAD and Digital Equity Programs
May. 25, 2023 , 3:00 pm – 4:00 pmCounties have a critical role to play in ensuring their communities have access to affordable and reliable high-speed Internet. -
Webinar
How Montgomery County is Making Innovation Part of its DNA
May. 25, 2023 , 1:00 pm – 2:00 pmPlease register to receive the password to view the recording below. The following email will provide instructions and the password for the viewing that will become available on May 25th! -
Press Release
National Association of Counties Launches Exploratory Committee on Artificial Intelligence
County leaders and partners to examine best practices and considerations for deployment of AI -
Reports & Toolkits
Cybersecurity and Resilient Counties
NACo has partnered with Acccenture to survey counties on their cybersecurity resiliency. This publication is a cumulation of focus groups and a survey. Download the Report -
Policy Brief
Support the Deployment of Next Generation 911 Bill
Urge your Members of Congress to support the Next Generation 9-1-1 Act of 2023 (H.R. 1784) to provide funding for Next Generation 9-1-1 deployment and for other purposes. Introduced by Reps. Anna Eshoo (D-Calif.) and Richard Hudson (R-N.C.) and Sen. Amy Klobuchar (D-Minn.), this legislation would establish Next Generation 9-1-1 Implementation Grants and would vastly improve interoperability with regards to all emergency communication systems. The bill would also establish a Next Generation 9-1-1 cybersecurity center to coordinate with state, local and regional governments to detect and prevent cybersecurity intrusions related to Next Generation 9-1-1. -
Policy Brief
Support the Protecting Community Television Act
Urge your members of Congress to support the Protecting Community Television Act. Introduced by Sens. Ed Markey (D-Mass.) and Tammy Baldwin (D-Wis.) as S. 340 and Rep. Anna Eshoo (D-Calif.) as H.R. 907 in the 118th Congress, this legislation would amend the Communications Act of 1934 to reverse the Federal Communication Commission’s (FCC) 2019 order requiring that cable-related, in-kind contributions be subjected to the statutory five percent franchise fee cap.
-
Webinar
National Membership Call: Local Preemptions in Broadband Permitting Bills
June 2, 2023 , 3:00 pm – 4:00 pm06023:00 pm<p><br />
-
Webinar
County Finance Transformation: Improve Efficiency, Productivity, and Compliance
June 8, 2023 , 1:00 pm – 2:00 pmFinance transformation is the process of redesigning and improving financial processes, systems, and capabilities to achieve better outcomes for the organization. In this webinar, we will discuss how County government organizations can begin their finance transformation journey. Why is Finance Transformation important?06081:00 pm<p>Finance transformation is the process of redesigning and improving financial processes, systems, and capabilities to achieve better outcomes for the organization.
-
Webinar
NACo Cyberattack Simulation: Internet of Things
June 12, 2023 – June 16, 2023Presented by the NACo County Tech Xchange and Professional Development Academy06121:00 pm<p><em>Presented by the NACo County Tech Xchange and Professional Development Academy</em></p>
-
Webinar
How People, Process and Technology Intersect to Create Better Digital Experience for County Residents
June 22, 2023 , 1:00 pm – 2:00 pmGovernment often relies on outdated, time-consuming processes. With a digital city hall, governments can promote self-service to reduce the number of calls and walk-ins, saving time internally and externally by moving processes online.06221:00 pm<p>Government often relies on outdated, time-consuming processes.
-
Webinar
Get Out of Excel and Demystify Grant Administration Modernization
June 29, 2023 , 1:00 pmIt’s no secret that Excel spreadsheets, email trails, and hard copy printouts just don’t cut it for grants administration anymore. As the volume of federal and complexity of managing federal funds evolves, it can seem almost just as daunting to move to a new grants management system. Where do you start? How does it affect current workflows an06291:00 pm<p>It’s no secret that Excel spreadsheets, email trails, and hard copy printouts just don’t cut it for grants administration anymore. As the volume of federal and complexity of managing federal funds evolv
-
Webinar
NACo Cyberattack Simulation: Ransomware
September 11, 2023 – September 15, 2023Presented by the NACo County Tech Xchange and Professional Development Academy09111:00 pm<p><em>Presented by the NACo County Tech Xchange and Professional Development Academy</em></p>
-
Basic page
County Tech Xchange
The NACo County Tech Xchange is an online portal designed to connect county CIOs, IT Directors, CISOs, and other county IT leadership. This portal provides valuable resources in a central location that counties can use to improve their overall technology infrastructure.pagepagepage<table border="1" cellpadding="1" cellspacing="1" style="width:100%" summary="call-out transparent">
<tbody>
<tr> -
Basic page
TestIT: How Fast is Your Broadband
NACo has partnered with the Local Initiatives Support Corporation (LISC) and the Rural Community Assistance Partnership (RCAP) to develop a mobile app designed to identify areas with low or no connectivity to help ensure adequate funding for broadband infrastructure is provided across the country.pagepagepage<table border="1" cellpadding="1" cellspacing="1" style="width:100%" summary="call-out">
<tbody>
<tr>
<td> -
Basic page
Telecommunications & Technology Steering Committee
All matters pertaining to telecommunications and technology policy, including, but not limited to, the county role as a telecommunications regulator, service provider, and consumer, cable services technology and implementation, information technology development and implementation, information technology innovation, e-governance, and geo-spatial data collection and utilization.pagepagepage<p>All matters pertaining to telecommunications and technology policy, including, but not limited to, the county role as a telecommunications regulator, service provider, and consumer, cable services technology and implementation, info
-
Reports & Toolkits
Implementing Infrastructure Investments at the County Level: The Bipartisan Infrastructure Law (P.L. 117-58)
As intergovernmental partners, counties play a key role in ensuring the successful interpretation and implementation of the BILReports & Toolkitsdocument100710:00 amReports & Toolkits<table border="1" cellpadding="1" cellspacing="1" style="width:100%" summary="call-out transparent jump">
<tbody>
<tr>
<td>
Contact
-
Executive Director/CEO Public Technology Institute and Associate Professor, George Mason University Schar School of Policy and Government
Related Resources
-
Blog
Pima County leans into innovation to enhance sustainability
This blog post is sponsored by NACo partner American Gas Association. Unlock the potential of wastewater facilities: Transform waste into clean, renewable energy and contribute to your county's sustainability goals. -
Blog
Remote building inspections beneficial for rural governments
NACo Partner Resource This blog post is sponsored by NACo partner IBTS. -
Blog
How technology drives game-changing workforce satisfaction
County behavioral health and human services agencies and local health departments have been challenged as never before over the past few years. Faced with a worldwide pandemic and an unprecedented demand for services, they have found creative and innovative ways to continue to positively impact and improve the health of their clients.
-
Press Release
National Association of Counties Launches Exploratory Committee on Artificial Intelligence
County leaders and partners to examine best practices and considerations for deployment of AI -
Reports & Toolkits
Cybersecurity and Resilient Counties
NACo has partnered with Acccenture to survey counties on their cybersecurity resiliency. This publication is a cumulation of focus groups and a survey. Download the Report -
Policy Brief
Support the Deployment of Next Generation 911 Bill
Urge your Members of Congress to support the Next Generation 9-1-1 Act of 2023 (H.R. 1784) to provide funding for Next Generation 9-1-1 deployment and for other purposes. Introduced by Reps. Anna Eshoo (D-Calif.) and Richard Hudson (R-N.C.) and Sen. Amy Klobuchar (D-Minn.), this legislation would establish Next Generation 9-1-1 Implementation Grants and would vastly improve interoperability with regards to all emergency communication systems. The bill would also establish a Next Generation 9-1-1 cybersecurity center to coordinate with state, local and regional governments to detect and prevent cybersecurity intrusions related to Next Generation 9-1-1.
Related Events
-
2Jun2023Webinar
National Membership Call: Local Preemptions in Broadband Permitting Bills
Jun. 2, 2023 , 3:00 pm – 4:00 pm -
8Jun2023Webinar
County Finance Transformation: Improve Efficiency, Productivity, and Compliance
Jun. 8, 2023 , 1:00 pm – 2:00 pm -
12Jun2023
-
22Jun2023Webinar
How People, Process and Technology Intersect to Create Better Digital Experience for County Residents
Jun. 22, 2023 , 1:00 pm – 2:00 pm
More From
-
Artificial Intelligence Exploratory Committee
NACo's AI Exploratory Committee covers emerging policies, practices and potential applications and consequences of Artificial Intelligence (AI), through the lens of county government governance, operations, constituent services, innovation, public trust, privacy, and security, and workforce productivity.
Learn More