Solution - Election Security

The topic of election security, and possible election fraud, seems to be at the top of the list every election cycle with a major focus during presidential elections. Unfortunately, most election processes do have some vulnerabilities regardless if it is process related or technology related. And, unfortunately, Arrakis personnel have not experienced any election environment that is fully secure and devoid of vulnerabilities.

Arrakis personnel past experience have included: dealing with election vendors, network architecture as it relates to election security, election security processes, security architecture to reduce risk of the election environment, evaluation of administrative controls including policies and procedures, human interaction during the election process, and alignment with election security guidelines to help ensure a lower risk....and that is just to name a few.

past experiences by category are:

• people - Most election processes have valuable people that truly care about an honest election process. Unfortunately, in several cases, Arrakis has run across well meaning departments that aren't fully prepared to handle an election. Quite often this revolves around a less than full understanding of federal election requirements, general security concepts, and a lack of training or experience when it comes to technology. While the intent of election personnel is honorable, the lack of experience or training can severely hurt the election as these persons generally do not have the skill set or experience to recognize or mitigate risk.
• Process - Every location has different processes to support the election process. Regardless of location, most locations have a process or processes that have security holes in relation to processing votes, handling of election equipment, or the security of votes already cast. Any one of these can help degrade voter confidence in the election itself which only attracts negative attention for the office that handles elections and can hold specific people accountable.
• Technology - Technology plays an important role in everything. Lack of appropriate technology only places more emphasis of a solid process to secure elections however the introduction of any piece of technology introduces risk associated with technology. In almost all cases, Arrakis personnel have found vulnerabilities relating to technology that wouldn't even comply with best practice. Sadly, technology quite often doesn't keep up with the increases of external threats.

CMMI Maturity Model as it relates to People, Process, and Technology

Unfortunately the above are just some basic examples of the challenges faced when dealing with elections. Most election offices simply don't have consistency with federal guidelines or even amongst different voting districts within a state. To make matters worse, there is a generalized desire to incorporate more and more technology to help streamline the election process. While the intent to reduce the level of effort in the election process is always a great idea, in almost all cases election districts simply haven't caught up to current standards when it comes to other regulatory environments such as HIPAA or PCI.

For example, one area of increased concern is the inclusion of technology yet also the ability for technology vendors to lobby for reduced security. Why would they do this? Of course the logical answer is simply due to increase cost with research and development or anything else that may increase cost in order to comply with security. This would most certainly affect the profit margin.

To look it from a time standpoint, there have been no significant improvements to security or privacy since 2006 as it relates to the voting process. Imagine the same scenario as it relates to your credit or health information. You may ask yourself why this hasn't been brought up before. It seems logical to assume that the public is less aware of security or privacy as it relates to the voting process given that the voting process only seems to be in the headlines every four years. The moral of the story is that if the security and privacy of any other subject, other than voting, were cared about as much as voting security should be considered then the security of voting would likely be much greater.

To make the voting process more complex, there is simply not enough cybersecurity personnel to go around. As of this writing, there is about 800,000 unfilled cybersecurity jobs worldwide. That means that every single cybersecurity person is currently employed, gainfully, by some government entity or corporation somewhere and if you don't have qualified, certified, trained, and experienced personnel already on staff then there is a weakness in your organization.

The end result of any of the above (and not to say those are the only possible negative outcomes) generally can result in negative news articles for both the election office and those people that can be held accountable in that election office. These negative articles almost always can result in getting on the federal radar for possible election fraud. Additionally, lawsuits can result where the losing party simply wants to challenge the results and uses election issues as the foundation for the lawsuit. This only further increases the potential for negative news articles. However, and possibly or likely a worst case scenario, is when voter confidence in the election process is reduced in such a way that voters question if it is even worth voting or if their votes were manipulated. Once a local population loses faith in the election process then those same voters can lose faith in any office that was elected.

While not directly connected to election security, Arrakis is licensed to do work with the federal government and numerous states. Additionally, Arrakis has performed activities for the federal government both inside the United States and external to the United States. In short we are cleared to help you with whatever you need.

Doing business with Arrakis is also very streamlined. Should you desire to do business with Arrakis, we will support you during the purchase order process as well as help you generate a statement of work and associated justifications of why you need Arrakis support. This pre-engagement support greatly reduces the level of effort by your staff.

Arrakis personnel have extensive experience in election security for election environments of all sizes and can help your election process go smoother with overall reduced stress. Contact us at [email protected] for more information on how we can help you.

See our LinkedIn article pertaining to personal experiences relating to Election Security.

See our Election Security interview videos.

Contact Arrakis for more information.