On the heels of the July 4th 🇺🇸 🎂 🎊 holiday, the Cybersecurity and Infrastructure Security Agency has promulgated a useful guide for election works as “Suffrage is the pivotal right.” —Susan B. Anthony
These five steps will help election workers improve processes and procedures to protect sensitive information by implementing OPSEC principles.
Step 1️⃣ – Identify Sensitive Information: Develop an organizational understanding of all data, assets, and personal information that would provide valuable information to an adversary, whether on its own or in aggregation.
Step 2️⃣ – Understand Threats: Understand the tactics used by threat actors that can present physical, cyber, or operational risks.
Step 3️⃣ - Identify Vulnerabilities: Identify potential vulnerabilities in physical and cybersecurity procedures that could allow an adversary to access sensitive information identified in Step 1.
Step 4️⃣ – Assess Risks: Considering the threats identified in Step 2 and the vulnerabilities identified in Step 3, assess the likelihood and severity of a threat actor’s actions on the security of election infrastructure or processes if they had access to sensitive information from Step 1.
Step 5️⃣ – Implement Countermeasures: Select and implement countermeasures that eliminate or reduce the priority risks identified in Step 4.
🗣 Remember—the people who work the polls on election day are regular people helping their communities. They play an important role in ensuring secure elections.
🗳 If you want to join thousands of other citizens serving America, consider helping people vote in your local community:
https://lnkd.in/e26eWHCU
We are proud to announce the release of our Guide to Operational Security for Election Officials: https://go.dhs.gov/3mY
The new guide aims to enhance the security of our election infrastructure by providing a comprehensive overview of operational security (OPSEC) within the election context, identifying potential risks, and offering practical mitigation measures.
Learn more about this guide and protecting our elections at cisa.gov/protect2024 #Protect2024
Capital Markets | 30yrs of Startups | Aerospace Engineer
2wPerhaps the only suggestion I see election officials being able to achieve is to hire an outside contractor to conduct a physical audit, which may or may not result in actions that mitigate threats. The rest of these recommendations are largely unachievable. In short, we have an enormous disconnect between the system architects, those responsible for operating the system, and policy authors in DC. The fitness landscape is simply not coherent, as either we need highly skilled tech operators to operate this election system securely, or we need a vastly more simplified system. No edict from DC can rectify this lack of cherence, nor safeguard this current version of our election system from external or internal threats. PS. I have 20 yrs of election monitoring experience and was the first, and perhaps still the only, to lead a team that performed a comprehensive audit of these systems during an actual election, under contract by the nation's 3rd largest county.