Authors: Jessica Bowers, Joshua Michael Franklin
The EAC released the original election security preparedness page in 2016 as a resource to election administrators across the country that are charged with protecting the processes and technology underpinning democracy. Since 2016, there have been dramatic improvements in the security of our nation’s election infrastructure and security has become the primary concern of many election administrators planning for elections in 2020 and beyond. Election security has been helped by local and state government officials working in coordination with nonprofits, federal agencies, private companies, and academia. A large majority of the guidance produced by the election security community is collected into the EAC’s new election security preparedness page as part of the EAC’s clearinghouse function under the Help America Vote Act.
The biggest change to the election security preparedness page is an updated categorization of the security guidance. Information is no longer grouped by the organization providing it (e.g., NIST, EAC, CISA), but is instead grouped by topic area (e.g., resources to voters, preparing and responding to cybersecurity incidents). Another important change is the addition of descriptions for many of the linked items. These descriptions provide context for election administrators and their information technology (IT) staff to quickly locate the resources they need. A few of the new categories added to the page include security considerations for procurement of new election technology, guidance on how to perform security self-assessments, and methods of performing post-election audits. Each of these topic areas can have a significant impact on the conduct of elections.
The general “Cybersecurity 101” concepts have also been consolidated and moved to the bottom of the page. This part of the page’s reorganization preserves the original information while recognizing that election administrators have significantly increased their cybersecurity acumen since the original publishing of the page. For example, the Multi-State Information Sharing and Analysis Center (MS-ISAC) resources for general categories on cyber-attacks (e.g., SQL injection, DDoS) can be found in this category. Finally, a table of contents was added at the top of the page to help visitors quickly find the information they are looking for.
The election security preparedness page is not the only page the EAC maintains on specific topic areas. Other locations with more detailed resources, like the disaster recovery, post-election audits, and COVID-19 pages all provide a multitude of relevant information to assist administrators.
The EAC will continue to maintain and post best practices from states and election jurisdictions, and we encourage officials and their staff to submit relevant information to firstname.lastname@example.org to contribute to the election administration body of knowledge. If any election jurisdictions have questions about these resources, please feel free to contact us via this page, social media, or whatever method is convenient. The EAC hopes these changes are beneficial to the election community and welcome any feedback and suggestions for additional guidance that should be shared.