Maricopa County CISO Lester Godsey said during the recent RSA Conference that 2020 “was a model election” but that there are many takeaways for maintaining and improving security for elections in the coming years.
The conversation comes as the county remains in the grip of a controversial and troubled recount of its 2020 presidential ballots, which have already been verified. County officials and independent contractors previously found the elections secure and the results reliable, and the vote tabulation equipment “went through extensive testing,” according to the county government website.
The ballots are being reviewed anew in an effort that has increasingly generated concerns. Fears of bias have been raised, given that the CEO of the private firm handling the review had advanced unsupported election fraud claims on social media and that ballot counters reportedly have been recruited from “right-wing circles,” according to azcentral.
The quality of the review itself is highly questionable as well, with Secretary of State Katie Hobbs saying recently that the voting machines given over to the firm for its review are likely no longer safe for use in future elections, because the company has failed to adhere to the security procedures necessary to guarantee that malware installation or other tampering does not occur.
LOCAL-FEDERAL PARTNERSHIP
In advance of the elections, CISA experts examined Maricopa’s sites both for cyber and physical security, and county officials then compiled CISA’s advice into election security playbooks that could help guide their responses should any of a variety of scenarios occur, he said.
During the general election itself, county officials updated federal groups every hour about activities they were observing regarding potential cyber threats as well as information from social media about efforts or happenings that could turn into “kinetic events,” or on-the-ground violence, Godsey explained.
“We actually picked up intelligence on social media about people using that platform to coordinate a caravan to follow our election officials when they were moving from one location to another,” Godsey said.
Federal agencies particularly upped their efforts to relay threat information back out to local government during 2020, and the FBI met with local election officials regularly in advance of elections.
“We mandated that anytime there was a local election incident, that the chief election official was also notified,” said Cynthia Kaiser, section chief with the FBI Cyber Division. “Anytime there was a local election potential incident, we were going to the secretary of state or equivalents and talking about what was happening, and that really gave everyone confidence after the election that those trusted elected officials knew what we knew and made decisions accordingly.”
WHOLE OF SOCIETY
Godsey said the county saw a variety of cyber attacks during the course of 2020, such as distributed denial of service (DDoS) attacks — which seek to overload a system with a flood of network traffic — and port scanning, which aims to identify vulnerabilities in a network. But mis- and disinformation was among the greatest challenges.
Kaiser noted similar observations.
“We have no evidence…that foreign or other actors sought to manipulate election results,” she said. “We saw them trying to influence our minds with an aim towards destabilizing society.”
Iran and Russia used efforts to intimidate voters and election officials, and generated and amplified inaccurate claims, to influence Americans’ thinking, Kaiser said. Geoff Hale, head of CISA’s Election Security Initiative, said fighting back against disinformation requires not just flagging perpetrators, an effort he acknowledged cannot keep up with the sheer amount of falsehoods being pushed, but also promoting trustworthy, reliable information sources to members of the public.
An effective response requires collaboration among not just state, local and federal government, but also the private sector — which can act to take down misleading content and direct users to reliable information instead — and members of the public, who can learn to better vet and identify potentially false content, said Kaiser, deeming this a “whole-of-society effort.”
The ongoing ballot audit in Maricopa County could present another lesson for the private sector’s role in election security and the importance of how their products are received. Godsey said that vendors providing software used in elections processes should keep in mind that even if their solutions remain perfectly secure, the impression that something could have gone amiss can undermine faith in the processes.
“There doesn’t actually have to be an event that can cause a disruption to the election, it just has to have the appearance of an event,” Godsey said. “Vendors need to take into consideration the sensitivity around their technology, especially as it relates to the elections, and how just a perception in and of itself can be a disruption.”
READYING FOR THE NEXT ELECTIONS
Continuing close communication across sectors year-round may be essential to ensuring everyone is prepared for the next election and able to proactively detect and respond to developing harmful trends.
“We keep talking to each other. We can’t look around and think, ‘Oh, it’s June 2022, I guess we should start talking to election officials again,’” Kaiser said. “We have to really remain committed to working with each other, with election officials, with the private sector, and be having conversations with the American public.”
Local governments will also need to establish clear processes for sharing intelligence with each other, Godsey said. Maricopa had shared sanitized versions of its security strategy playbooks with other counties during 2020, and Godsey called for more such efforts going forward.
“We as local governments need to do collectively a better job and have a more formal stringent process in place, especially when it comes to intelligence sharing that we follow and execute,” he said.
Practicing those strategies will also be key, he said: “It’s one thing to have it documented and have your playbooks, but if the first time you’re looking at it is the election, that’s not the right tactic.”
Maricopa County also will be revising its playbooks and may adopt additional technologies, such as using more automation tools to make basic intelligence gathering more efficient, Godsey said.