How to keep public safety and election operations running when emergencies arise Public sector agencies provide critical services and perform essential functions that citizens depend on every day as well as during emergencies. Continuity plans ensure that the essential functions of agencies stay operational if a natural or manmade emergency should occur. While it’s difficult […]
Protecting voters and sensitive election data for the 2020 election
It was just recently announced that the Department of Homeland Security (DHS) will fund grant programs totaling more than $1.7 billion to state, local, tribal, and territorial governments as well as transportation authorities, nonprofit organizations, and the private sector to help with the Nation’s fight against terrorist attacks, major disasters, and other emergencies. Grant recipients can use the programs in part to implement activities related to cybersecurity.
Aside from available opportunities from the government to achieve a safer nation, there are a variety of ways states and counties can prepare for secure networking during elections.
Safeguarding County Voting Systems
During elections, some counties need to install temporary voting centers. Voting centers could go up at a variety of locations, and with few to no IT staff onsite, they need a network solution that can secure the network and be simple to deploy and easy to maintain. Network security and availability is mandatory for sensitive voter information and counties need to be prepared to deploy a network solution and have a simple conversation about how it is set up and works, should the public ask. In this blog I’ll list out a number of methods agencies can utilize to ensure reliable and secure networking for voting centers.
It’s imperative for agency employees and personnel to be savvy about how network breaches occur. According to Verizon DBIR 2019 Executive Summary Report, Privilege Misuse and Error by insiders account for 30 percent of breaches in the public sector. Having solutions that are easy to deploy and maintain with minimal human intervention is one way to help improve this risk for a public agency. Additionally, phishing is a major attack vector that nearly all organizations must deal with. According to a report by PhishMe, 91 percent of cyberattacks start with a phishing email. Cybersecurity is a shared responsibility when it comes to combating the ongoing threat of phishing attacks, malware, and other security breaches that occur year-round. By making all personnel aware of how to look for cyber threats, they can work together to stay secure.
Patch Early & Often
One simple way to keep networks secure is to make sure all devices, applications, and operating systems are patched and updated. Regardless of the size of the agency, they should adopt a ‘patch early, patch often’ way of thinking to protect networks with regular reviews of system settings.
Agencies can use products with intrusion detection systems (IDS) and intrusion prevention systems (IPS), which are key tools for protecting the network against cyber-attacks. IPS sifts through IP traffic coming into the router, detects attack attempts, and rejects malicious packets. If the router has a cloud management system, an IPS tool can work with the cloud manager to provide real-time alerts that notify the organization when an attack is taking place and should be blocked. Additionally, integrating the network and endpoint security logs into a centralized Security Incident and Event Manager (SIEM) tool will improve the efficiency responding to high priority security events.
Segment Out the Network
Another way to prevent intruders from reaching an agency’s valuable data is network segmentation. Using an application aware firewall combined with virtual LAN configurations can better lock down the network and communications between different networks to only allow certain applications to communicate, thus blocking rogue communications paths. This can help with data breaches such as pivot attacks, where hackers breach an easily accessible part of the network, then move from there into an area where sensitive data is stored. Agencies that use multiple connection LTE gateways can also segment applications onto their own devoted networks, thus eliminating pivot attacks from happening at the voting centers. This is called “air-gapping” the network.
Agencies can also use software defined perimeter technology, where possible, to allow for micro-segmentation. For example, Cradlepoint’s NetCloud Perimeter allows agencies to micro-segment users, devices, groups, applications, and resources with simple software only policies, as well as offer LAN-like performance to remote users on virtually any device, in a matter of minutes — without complex configurations. These invitation-only encrypted overlay networks are highly secure, as they utilize a private address space — eliminating the need for routable IPs on the Internet — thus obscuring them from potential hackers.
The use of WANs with (NAT)’d or private LTE IP networks is also beneficial. Private IP addresses provide a way for devices to communicate with the other devices on a network without being directly exposed to the public Internet and using the agency’s private address space.
Defense in Depth
Another defense method to prevent malware from infecting systems is using defense in depth endpoint protection. Defense in depth is a cybersecurity protection method that uses multiple security measures to protect the network. So, if one line of defense is breached, additional layers of defense are set up to ensure that threats can’t get through. One product that Cradlepoint partners with is Zscaler. Zscaler delivers additional safety measures to networks such as: advanced persistent threat (APT) protection, web filtering, data loss prevention, cloud application visibility, guest WiFi protection, SSL decryption, traffic shaping, policy management, and threat intelligence.
The Nationwide Cybersecurity Review Yearly Assessment (NCSR)
NCSR is a no-cost, anonymous, annual assessment designed to measure gaps and capabilities of state, local, tribal and territorial governments’ cybersecurity programs. It’s based off NIST 800-53 standards and has other compliance crosswalks, like CIS 20 controls, HIPAA and PCI built in.
The assessment can be used to:
- Set security baselines for your organization to improve security posture and keep cybersecurity top of mind
- Use as a security roadmap for your organization and has reports and templates to compare and report your posture verses your peers and other agencies
- Help agencies operationalize and improve your security posture
To learn more about keeping elections secure, view our webinar: Securing Elections Systems: Risks & Solutions.