In the United States, state and local governments are responsible for maintaining democratic processes by ensuring the availability and resilience of election systems, the integrity and accuracy of balloting and vote tabulation, and the confidentiality of individual citizens' votes.
With the responsibility to conduct and run the vote in their areas, secretaries of these boards of elections must guard the public's trust in the voting system by:
Since the Department of Homeland Security, or DHS, deemed election systems critical infrastructure in January 2017, state and local boards of elections are taking additional steps to ensure the integrity of the vote at every level. DHS defines election infrastructure as:
Many states and localities have had electronic voting machines in service for more than a decade, which is beyond their original life expectancy. Moreover, the voting machines and other voting system components often reside on unsegmented networks that do little to minimize exposure and security risks, potentially leaving the voting process vulnerable to cyberattacks. Reported high-profile attacks on recent elections have elevated the importance of better cybersecurity. Elections officials must guard their aging infrastructure against denial of service, unauthorized access, and attempts to alter or exfiltrate data, in addition to motivated hacktivists and nation-states with access to increasingly sophisticated tools.
State and local governments are now addressing voting systems vulnerabilities with grants available through the Consolidated Appropriations Act, 2018. The first step is to understand what exposures exist with current voting machines and all related systems. Then, governments can focus on the approaches they will take to prevent successful cyberattacks and unauthorized data access. As they upgrade voting infrastructure, they must ensure their cybersecurity approaches will continue to defend against threats, thereby maintaining availability and the public's trust.
As cyberthreats to digital election systems have increased, state and local governments have placed greater emphasis on election security. As several breaches have demonstrated, traditional approaches have fallen short in multiple different ways.
Air-gapped or isolated information systems are not inherently secure. Although isolated information systems may not directly communicate with the internet, they are often exposed to internal networks in some way. For example, some voting machines use individually keyed USB drives to tabulate votes. Poll workers plug these drives into endpoints that transmit voting results over a network to a server for tabulation. This transmission introduces risk to the process, exposing election systems' management computers to attack from the local network. Also, insiders with local network access may maliciously or inadvertently access, expose, or even tamper with election data. Finally, since aging voting machines and their management systems are often no longer supported, out-of-date relative to patches and antivirus, and lack OS hardening, they are more vulnerable to cyberattacks.
Governments have typically created multilayered approaches to cybersecurity by adding more products to their infrastructure. Whether to protect against network intrusions; secure web browsing, laptops or cloud-based applications; or perform other functions, maintaining multiple siloed security products drives up costs and requires more management overhead. Since these products can't easily coordinate their threat insights, IT and security teams must either manually stitch together threat intelligence feeds and their updates or have incomplete threat visibility. This approach lacks the automated, swift prevention needed to be effective.
Related to incomplete threat views, most governments have little visibility into traffic or applications on their networks, let alone which users access which systems. In the event of malicious or inadvertent access to election systems, many state and local governments have no way of detecting it. For example, some assessments of election management servers have found remote access software installed on them, often without the knowledge of the government IT teams.
To improve security for election systems, the U.S. Election Assistance Commission, or EAC, has federal grants available through the Consolidated Appropriations Act of 2018, which includes funds to implement established cybersecurity best practices for election systems as well as fund other activities that will improve the security of elections for federal office. Secretaries of state have authority and administration responsibility for federal grants provided by the EAC, but local election commissions and their officers have authority for execution and implementation of the election process, including transmission of voting data.
The EAC also released a set of principles and guidelines for voting systems. As you build your cybersecurity approach, consider how it will cover the principles set forth by the federal government, which include:
The Palo Alto Networks® Security Operating Platform helps state and local governments reduce cybersecurity risk for election systems as well as meet regulatory requirements with coordinated, consistent and automated threat prevention across endpoints, networks and cloud environments. State and local governments have chosen the Security Operating Platform to:
Palo Alto Networks secures election systems infrastructure at state and local government levels, as detailed in the following example. This customer, a department of state, took a holistic approach to election systems security across several critical areas of its network.
To preserve the integrity of its election systems infrastructure, the department focused on protecting the voter registration database, including the voter registration process, at each link of the verification chain. The voter registration database is housed in the department's data center and must connect with other systems during the voter registration process. When a person registers to vote, a series of transactions takes place with databases belonging to other governmental agencies to verify that person's eligibility:
To address security needs across these systems, the department deployed Palo Alto Networks next-generation firewalls at the core of its data center. Using the insights gleaned from the application and user network activity visible through the firewall, the department's team segmented the data center network to minimize risk. Taking advantage of the integration with user directories through the firewall's User-ID™ technology, the team built policies to ensure only authorized employees could access network segments that house election systems. Authorizing only specific applications, users and traffic patterns in and out of certain network segments reduces risk while the platform continually scans for new threats and logs unapproved traffic flows for analysis.
Taking a phased approach, the department's team began using the next-generation firewalls at the network perimeter. Palo Alto Networks next-generation firewalls employ integrated credential theft prevention and other features to block even the most sophisticated phishing emails, links and malicious websites from duping state officials into relinquishing their credentials. This is a particularly important step since it's been reported that credential theft was a key element in the successful attacks that attempted to interfere with the 2016 U.S. election.
The next-generation firewall identifies and blocks attempts to steal credentials by stopping the submission of valid corporate or government credentials to illegitimate websites. Through integration with identity and access management technologies, the firewall can enforce MFA at the network layer, neutralizing an attacker's ability to use stolen credentials for lateral movement. MFA adds a layer of protection to meet DHS recommendations while providing peace of mind by limiting the value of stolen credentials.
The firewalls also protect public-facing departmental websites, ensuring the integrity of the election information citizens rely upon as well as preventing defacement or unauthorized alteration of polling places, hours of operation and reported election results. All firewalls are centrally managed by Panorama™ network security management.
Figure 1: High-level state data center diagram
The challenge for state officials lies in the coordination with more than 60 counties on Election Day. The state Board of Elections maintains the voter registration database and provides access to local boards of elections to enable citizens to cast a ballot. The counties share a common network backbone with the state for access to shared resources. Palo Alto Networks firewalls installed at the perimeter provide automated threat prevention and complete visibility of network traffic in and out of the state data center, branch offices and counties. Since the firewalls are automatically updated with protections against the latest malware, exploits, malicious URLs and other threats, protection scales with minimal administrative overhead, allowing network staff to focus on innovation.
A resident engineer focuses on how an organization can best implement the capabilities of the Security Operating Platform to meet business, operational and security goals. In this instance, a resident engineer helped the state department's team transition its network to a Zero Trust architecture that takes advantage of user, application and content visibility to reduce cyber risk.
A comprehensive security strategy for election systems does not stop at the data center or at the perimeter of the network. An effective security posture addresses any potential vulnerable area of the network.
To meet federal recommendations and guidelines, the aforementioned Department of State can replace the traditional antivirus software on its voting systems and management server with Traps advanced endpoint protection, which works whether endpoints are online or offline, on the network or off. As part of the overall platform, Traps coordinates enforcement with Palo Alto Networks next-generation firewalls, benefiting from shared analysis and automation across network and endpoints to stop malware, exploits and ransomware before they compromise these systems. WildFire delivers the latest protections to endpoints in as few as five minutes following discovery of an attack, anywhere in the world. This reduced risk is even more crucial for critical systems that lack patches and security hardening or are no longer supported by their manufacturers.
Figure 2: Election Day deployment
Election workers deploy voting systems and endpoints at remote locations throughout communities on Election Day. By extending the same level of protection to every location, state teams can reduce risk at any potentially vulnerable point of the election systems. GlobalProtect™ network security for endpoints, through GlobalProtect cloud service, extends an IPsec VPN and existing security policies from the data center and network out to remote locations, such as county offices and polling stations. GlobalProtect cloud service enables consistent security across Election Day infrastructure to help ensure the integrity of the vote. The Department of State's team can manage GlobalProtect cloud service through Panorama, and with no hardware to set up, the service deploys in hours – ideal for transient polling stations. GlobalProtect cloud service harnesses the same shared threat intelligence as the rest of the Security Operating Platform, preventing successful cyberattacks on voting systems and results.
States can choose to add another layer of prevention through Magnifier™ behavioral analytics. The data flow for the voter registration process and voting on Election Day are transaction-based and predictable. By analyzing rich network, endpoint and cloud data with machine learning, Magnifier accurately identifies targeted attacks, malicious insiders and malware. State or county IT teams can investigate potential threats, including those within the organization, and take advantage of the Security Operating Platform to scrutinize unusual behavior as well as block attacks, protecting the integrity of the voting process.
With a comprehensive security strategy using the Palo Alto Networks Security Operating Platform, officials of state and county boards of elections will be able to focus on what matters most – Election Day – instead of the administration or management of technology. This state department, along with many others throughout the U.S. and the world, entrusts Palo Alto Networks to help prevent successful cyberattacks on critical systems, including election systems infrastructure. The platform is helping this department prevent threats across its statewide data center, the county network, voter registration databases, endpoints and remote systems. Following the Palo Alto Networks approach for securing election systems, other state and local governments can enjoy a multitude of benefits, including: