How Infocyte is Helping Prevent Election Hacking in Texas with Election Security Assessments
This post was last updated on February 19th, 2020 at 12:58 pm
Protecting our elections and voting systems from cyber attack is a top priority for every state and local government. Leaders across the country are taking steps to reduce the threat of election tampering and election hacking. With the 2020 U.S. Presidential Election on the horizon, Texas is ramping up election cybersecurity by assessing, testing, scoring, and securing the technology and practices involved in operating elections. One way Texas is leading the way in protecting our democracy is by using Infocyte to perform Election Security Assessments.
Infocyte’s detection and response platform is unique in a three ways, which make it ideal for Election Security Assessments:
- Hunts within memory where advanced cyber attackers can hide.
- Detects file-less malware, advanced persistent threats, and vulnerabilities.
- Agent-less—deploy and inspect thousands of hosts per hour with ease.
Additionally, Infocyte can be leveraged beyond the initial threat and vulnerability assessment to perform incident response—investigation, triage, and recovery of compromised systems.
Infocyte’s Election Security Assessment was created by experienced elections and cyber security experts. The standards used for analysis include:
- DHS Cybersecurity Guidance and assessment standards
- NIST Cyber Security Framework (CSF) adapted to align with Texas CSF
- Industry best practices from decades of experience and thousands of IR investigations
The Election Cyber Security Assessment has three phases, outlined below.
Phase 1: Asset Discovery
Infocyte is deployed across any state and local government’s electronic voting systems, identifying and enumerating all systems found on the network. This Asset Discovery phase helps your cyber security team (or one of our managed security services providers) better understand the scope of your environment. Infocyte also finds:
- How many voting systems are online
- Which OS and version each system is running
- What applications and software are installed
Because Infocyte’s detection and response platform is agent-less, Asset Discovery can be completed within minutes.
Phase 2: Security Assessment
Following Asset Discovery, Infocyte is used to forensically inspect voting machines—including within memory—for cyber threats, including:
- Auto-starts and unwanted processes
- Malicious scripts and artifacts
- Unwanted applications
- Rogue user accounts
Beyond assessing the security of the electronic voting machines, an Election Security Assessment includes an in-depth review of the voting precinct’s cyber security practices and procedures in the following areas:
- Election Management
- Election Team Support
- Voter Registration
- Pollbook/Voter Check-in
- Ballot Creation and Distribution
- Vote Capture
- Vote Tabulation
- Election Results Publishing
Each item above is assigned a “Risk Severity” score and documented along with a description of the process, plus key issues found within each area. This data (and the results from the Infocyte scan) are ready for phase three.
Phase 3: Election Security Assessment Scorecard
Upon completion of the Election Security Assessment, a scorecard is created and provided to the precinct. This scorecard contains a summary of key security issues, an overall Security Readiness Score (ranging from 1.0 to 3.0) and additional information, including:
- Specific threats, vulnerabilities, and risks discovered
- Security Readiness Score by Security Function using the NIST framework (Identify, Protect, Detect, Respond, Recover)
- Scorecard by Election Area (a table containing the critical information documented in Phase 2)
- Summary of Recommendations, prioritized by Risk Score (Low to Critical)
- Methodology and Definitions
The entire process from start to finish takes less than a week and can be extended if critical threats are identified and need immediate attention.
Request an Election Security Assessment
There are thousands of election administration jurisdictions across the United States and over 350,000 electronic voting machines, so securing our elections and voting systems is no small task. Thankfully, through support from partners like AT&T Cybersecurity and Managed Security Service Providers like CyberDefenses, Infocyte is helping Texas protect our elections from hacking.