Cybersecurity Update Ahead of Mid-Term Elections

Early collaboration with federal, state, local entities cited as critical in improving the elections infrastructure security posture.

ALBANY, NY (11/01/2018) (readMedia)-- The New York State Board of Elections highlighted a list of cybersecurity initiatives implemented ahead of the 2018 mid-term elections. The successful implementation of the programs is credited to NYSBOE's early collaboration with many federal, state and local government, as well as, not-for profit and academia groups.

In 2018, the State Board of Elections was allocated $5 million dollars in State appropriations for cybersecurity initiatives and received approximately $19.5 million dollars in federal appropriations to be used toward elections security. In May of 2018, the Board adopted a cybersecurity plan outlining the use of the federal and state resources. The plan, dubbed ARMOR, addresses: Assessing risk, Remediation, Monitoring Operations and Response.

"Our early collaboration with federal, state, local and academia, was critical in strengthening our cybersecurity posture," stated Robert A. Brehm, Co-Executive Director. "We have many valuable partners working diligently on cybersecurity initiatives. As a result, our preparedness and response plans have been tested and re-tested. New York State is certainly positioning itself as a leader on cybersecurity."

"We have worked very hard since 2016 to assess our strengths and vulnerabilities and make improvements at the State Board and to offer help and guidance to our colleagues on the front line at the county level," said Todd D. Valentine, Co-Executive Director. "This year was a turning point as we were able to partly shift our focus to the county boards and their needs. The mid-term elections will be a good milepost to assess our progress as we head towards the next presidential election in 2020. I think we have made very good use of the resources we have received so far, but the need continues and our state and federal partners, who have been so supportive, recognize that the job is not finished."

Prior to the 2018 mid-term elections, the following cybersecurity achievements have been achieved:

• The Secure Elections Center was created and handles cyber incidents impacting the State or County Boards of Elections;

• The Secure Elections Center has initiated a protocol to minimize any utility disruptions on election day;

• A Cyber Incident Reporting Procedure has been implemented and tested;

• NYSBOE participated in "Train the Trainer" cybersecurity exercises hosted by The Belfer Center for Science and International Affairs at Harvard University.

• NYSBOE then collaborated with the federal Department of Homeland Security to 6 regional tabletop exercises focusing on elections/cybersecurity preparedness and response. The exercises were open to all County Boards of Elections, IT staff supporting elections infrastructure, state and county government partners and vendors. These regional elections/cybersecurity exercises were the first of its kind in the Nation.

• New York State participated in three federal "Tabletop the Vote 2018" exercises. New York State was asked to share its cyber incident response procedure at each of the exercises.

• Achieved 100% participation in tabletop exercises by the State and County Board of Elections.

• All State and County Boards of Elections are members of the Multi-State Information Sharing Analysis Center (MS-ISAC) and the Election Infrastructure Information Sharing Analysis Center (EI-ISAC).

• NYSBOE let a contract for risk assessments to be conducted for all County Boards of Elections. Risk Assessments are underway.

• NYSBOE let a contract for increased intrusion detection for all County Boards of Elections.

• NYSBOE let a contract for managed security services for all County Boards of Elections.

• Implemented mandatory NYSBOE Cybersecurity Awareness Training (SANS training) to all State Board, County Board of Elections, State IT and County IT staff. The web-based training will be available for three years-through the presidential election.

• NYSBOE presented at numerous state conferences, such as at New York State Conference of Mayors and the New York State Local Government Information Technology Directors Association (NYSLGIDTA).

• Participated in the Belfer Center's Defending Digital Democracy Project (D3P) webinar series on social media manipulation for Public Information Officers.

New York State Board of Elections has fostered strategic and productive relationships with the following partners: Elections Assistance Commission (EAC); Federal Department of Homeland Security (DHS); Federal General Services Administration (GSA); Federal Bureau of Investigation (FBI); Governor's Cybersecurity Advisory Board (CSAB); NYS Division of Homeland Security and Emergency Services (DHSES); NYS Department of Public Service (DPS); NYS Office of General Services (OGS); NYS Office of Information Technology Services (ITS); County Boards of Elections and County IT Departments; Multi-State Information Sharing and Analysis Center (MS-ISAC); Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC); New York State Technology Enterprise Corp. (NYSTEC); The Belfer Center for Science and International Affairs at Harvard University; University at Albany's Center for Technology and Government (CTG), New York State Local Government Information Technology Directors Association (NYSLGITDA), New York State Association of Counties (NYSAC).

Tuesday, November 6, 2018, is general election day in New York. Polls will be open from 6 AM to 9 PM.

If you have any additional questions, please contact John Conklin or Cheryl Couser in the Public Information Office at the New York State Board of Elections, 518-474-1953, INFO@elections.ny.gov.

- 30 -