•
•
almost all participants expressed an interest in working more closely together.
External training from election cybersecurity experts is key as this increases both confidence and competence; significant leveraging of DHS resources and Belfer Center materials is occurring in the states. Many states reported working with the Belfer Center and attending election cybersecurity training programs for their state teams and local election officials. Many states hosted spinoffs of the Belfer program with tabletop security exercises in conjunction with the DHS and other federal entities in an effort to train their staff and local election officials on election cybersecurity.
•
•
Deep concerns were expressed among almost all participants across all states regarding the funding of election administration, election technology and election cybersecurity. While there has been recent election cybersecurity funding through HAVA, it was expressed that this HAVA funding is insufficient for ongoing cybersecurity needs at the state and local level and only a fraction of what is actually needed.
:// CSG ELECTION CYBERSECURITY INITIATIVE BEST PRACTICE RECOMMENDATIONS FOR INTRASTATE COMMUNICATIONS
8
conference calls and strategy sessions with all appropriate stakeholders to and engage on new and ongoing cybersecurity threats and how to best mitigate these threats.
Maintain an accessible repository of relevant information about state laws, organizational structure, election systems, and performance metrics. This repository would allow all relevant agencies to have more detailed conversations about best practices and ideal organizational models that best position them to respond and recover from cybersecurity incidents.
A common communications mapping format across all 50 states and territories would greatly reduce the time it takes to craft new state-specific models and understand existing hierarchies and processes. By leveraging an accepted modeling standard, it would be easier for state agencies to disseminate critical information and to share communication practices among states. The products being developed by the National Institute of Standards and Technology, or NIST, Election Modeling Working Group could be used as a baseline model and a common modeling format.8 Reach out to your colleagues across the hall, across the aisle and across fields of expertise in order to optimize the intrastate election cybersecurity communications efforts within your state. Take time to learn about and understand the responsibilities and concerns of colleagues in different departments and agencies within your state.
https://collaborate.nist.gov/voting/bin/view/Voting/ElectionModeling
This initiative provided opportunities for constructive dialogue both between the CSG and state and local participants, and among state and local participants within a given state. While some discussions were conducted one-on-one between CSG team members and individual state participants, others were facilitated by CSG among a cross- section of individuals from different state and local offices that include local elections offices, state election offices IT offices, the governor’s office, legislators and cybersecurity offices. Many common themes, and suggestions for improvement in communications activities surrounding election cybersecurity emerged across all participants regardless of their state or position. Those have been merged into the following CSG Election Cybersecurity Initiative Best Practice Recommendations for Intrastate Communications: •
Communicate regularly and transparently with all appropriate state and local stakeholders whose responsibilities touch the cybersecurity processes within a state and coordinate these communication activities so that all are working collaboratively toward the same goal. Schedule regular meetings,
9