Running elections is an essential service, so you can’t reduce services or suspend the process, no matter how tight your budget gets. A typical election office today depends on computerized systems and software for virtually every aspect of registering voters and conducting elections. Elections officials must ensure that all registered citizens have the ability to cast a ballot, that all ballots are accurately counted, and that there is a rapid and accurate reporting of outcome. This must all be done while fending off sophisticated adversaries seeking to disrupt or alter the election outcome.
Election officials must ask themselves if the hardware, software, networks and business processes in their election management systems can securely and accurately handle a dramatic surge in mail-in voting. And if existing systems need to be changed, how can IT and election officials ensure that these changes are adequate while remaining affordable?
Mail-in voter eligibility is up, but so are complexity and cost
Between the states that have adopted voting by mail as their default option, and the growing number that will offer “no excuse required” absentee voting this year, nearly 90 percent of the electorate is now eligible to vote by mail. However, running a large-scale mail-in voting operation is a complex process, involving the equivalent of commercial direct mail fulfillment centers for generating outgoing ballots, as well as secure facilities for processing, tracking and storing returned ballots.Depending on the volume of mail-in ballots expected, new automated equipment and software may be required for timely results. This is especially crucial for the critical process of “signature curing” — comparing the signature on the inner envelope of a mail-in ballot to one or more authenticated signatures on file.
Implementation of increased mail-in voting capability nationwide is estimated to cost at least $2 billion. Most of this bill will fall on local governments which have seen their budgets drop as a result of COVID-19.
Handling increasing complexity and security risk
Increased use of mail-in voting puts a greater premium on real-time de-confliction and reconciliation of data, especially in states where a returned ballot need only be postmarked by Election Day. Depending on the state and the synchronization between its voter registration database and local records, many in-person voters may end up casting provisional ballots. Eligibility of these provisional ballots — which must be kept sealed and segregated — will have to be adjudicated in conjunction with the signature curing process for validating mail-in ballots. This entails network and data synchronization, and in the case of problematic mail-in ballots, may require access to additional personal identifying information and databases.How IT can help
Automation is likely to be a big part of the answer to successfully doing more with less. There are a number of innovative and well-established IT options that can make supporting expanded mail-in voting easier. Secure cloud services and software-defined networking such as SD-WAN and SD Branch services can dramatically enhance networking and productivity. These technologies are cheaper, more flexible, provide a better user experience and — after November — can probably be repurposed for non-election government IT purposes.To improve efficiencies even further, look for dual-use or multipurpose IT options to stretch your budget. Look for options such as Secure SD-WAN where security and networking are fully integrated into one technology solution. This is a way to have your cake and eat it too, since you get both high performance and the secure transmission and storage of election data. But there are likely to be some functions, such as endpoint security or multifactor authentication, that are fundamentally about security. It is also essential that you integrate cybersecurity awareness training into your program. It will further protect your investment and add a human-layer safeguard.
Setting priorities for risk management
Election security should not be compromised. Since you likely don’t have the resources to fix all of your problems at once, prioritization is essential. Start by minimizing the likelihood or impact of non-recoverable errors; losing track of a returned ballot until after the election results are finalized is one example. Conversely, having to do a re-count because of varying tallies is a recoverable error (assuming you have the underlying data). Risk management entails balancing high-profile and potentially embarrassing outcomes that you can work through against those where the consequences may be irreversible.It’s also crucial to identify which issues warrant a change in procedure, technology or location — and at what point. For example, how many paper ballots can your current system handle before it becomes necessary to add new automated capabilities to process returns in a timely fashion? When is it more effective and affordable to migrate from an on-premises facility to a cloud-based solution rather than adding more servers and bandwidth to the current configuration?
A good place to start is by finding a trusted adviser with expertise in your core issues and technology, and who also knows your environment and options, such as shared services. An adviser could be a team composed of someone who knows the local legal and regulatory landscape, someone who knows election system technology, and someone with expertise in cybersecurity solutions. All of these areas should be covered.
Moving toward November
There are significant budgetary constraints and challenges for any election, but this year brings unprecedented challenges, ranging from a likely surge in mail-in voting to public health concerns and a growing budget crisis. But because voting is foundational to our nation, failure is not an option. And with the proper consideration and understanding of the factors involved, election officials at every level can make appropriate risk management decisions combined with smart investments in election management and processing technologies to ensure fair elections, despite the extra challenges brought on by COVID-19.Jim Richberg is a Fortinet Field CISO focused on the U.S. public sector, working to bring cybersecurity solutions to industry and government following a 30-plus-year career driving innovation in cyber intelligence, policy and strategy for the United States government and international partners. He served as National Intelligence Manager for cyber and the senior federal executive focused on cyberintelligence within the $80-plus billion U.S. Intelligence Community annual operating budget. He was the senior adviser to the director of National Intelligence (DNI) on cyber issues and set collection and analytic priorities for the IC's 17 departments and agencies on cyberthreats.