2014 Feb Redesign Roof

electionLine

A project of the Democracy Fund

2014 Feb Redesign Search

2014 Feb Redesign Print/Email

Print | Email

Nice Social Bookmark

electionlineWeekly — September 20, 2018

Table of Contents

 I. In Focus This Week

CEIR voter registration database security report
Survey finds most states adopted best cybersecurity practices since ‘16

The Center for Election Innovation and Research (CEIR) has released a new report based on a survey of 26 states conducted between June and July of 2018 to assess the current state of security around voter registration databases (VRDBs).

The survey results, released ahead of National Voter Registration Day, show that immense progress has been made in securing voter registration databases since 2016, though significant room for improvement remains for states to strengthen their defenses against hacking attempts.

Voter registration databases have been a central focus of conversations around election security since the 2016 presidential election when several voter registration databases were scanned and at least one infiltrated by Russian operatives.

Amid concerns on the security and integrity of the upcoming midterms, the report provides a clear picture of the tangible improvements that have taken place to ensure voters can trust the democratic process this November.

The report finds that a significant majority of responding states:

  • Regularly train voter registration database users to detect cyber threats, like phishing
  • Consistently monitor for improper access to their database
  • Use secure HTTPS for websites with sensitive information
  • Employ tools to prevent distributed denial-of-service (DDoS) attacks
  • Utilize recommended email protection tools
  • Back up their database daily – and regularly test the backup

However, states can do better when it comes to implementing more secure password requirements and further adopting multi-factor authentication.

“The survey shows just how much progress states have made since 2016 in key areas of cybersecurity to prevent, detect, and mitigate foreign interference,” said David Becker, executive director of CEIR.

CEIR is a nonpartisan, nonprofit organization working to improve election administration through research, data, and technology. CEIR works with experts and election officials in every state and across the political spectrum to rebuild voter confidence in our elections and democracy, ensure all eligible voters can vote conveniently in a system with maximum integrity, and ultimately increase voter participation.

The survey consisted of 23 multiple-choice questions addressing three major areas of cybersecurity: (1) prevention, (2) detection, and (3) mitigation. The survey was sent to election officials in all fifty states and the District of Columbia. Of those, twenty-six states returned completed surveys.

Additionally, one state was able to contribute a small number of answers but declined to respond to most of the survey questions. That state’s answers are included in the analysis of the questions to which they responded. Three other states returned surveys which declined to answer any of the questions due to security considerations. Thus, those three states are disregarded in data-reporting and analysis.

This report details the results of the survey, while contextualizing the importance of certain security measures in maintaining a well-protected VRDB.

“There is no finish line in cybersecurity, so Congress and state legislatures will need to provide elections officials with a consistent funding stream to continue to improve their training and protocols around election cybersecurity,” Becker said.

To read the full report, click here.

(The Center for Election Innovation and Research is a grantee of the Democracy Fund.)