2 minute read
Contingency Plans
equipment necessary for the conduct of the election; or a person who is employed at the location in which a polling place is located while the person is acting in the course of the person's employment.47
The Secretary of State has adopted rules defining classes of protected election data and established best practices for identifying and reducing risk in the electronic use and transmission of election data and the security of election systems.48 Election security best practices are intended to provide guidance on how to address cyberattacks and other disaster risks in the election process.
The Secretary of State has promulgated an Election Security Best Practices Guide that explains the various plans and goals of the plans.49 The Secretary of State has also created an Election Security Toolkit that is available to the counties and has conducted training regarding the toolkit to allow the counties to modify and implement the plans as fits their particular jurisdiction. The following plans have been outlined in the Secretary of State Election Security Best Practices Guide:
An authorized election written information security program (WISP) should be established to outline a set of prevention and response plans in the event of a cyberattack.50 Part of WISP involves also creating an election information security policy (EISP), which establishes protocols that protect election-related data from cyber threat and other disasters.51
As part of WISP, the Secretary of State also recommends that election departments create an incident response plan that documents the specific steps to take in case of
47 Tex. Elec. Code § 61.014 (d). 48 If the Secretary of State becomes aware of a breach of cybersecurity that impacts election data, the secretary shall immediately notify the members of the standing committees of each house of the legislature with jurisdiction over elections. See Tex. Elec. Code § 279.002. 49 Election Security Best Practices Guide, Texas Secretary of State Elections Division, (April 2020), https://www.sos.state.tx.us/elections/forms/election-security-best-practices.pdf. 50 A county election officer shall annually request training on cybersecurity from the secretary of state. The secretary of state shall pay the costs associated with the training with available state funds. A county election officer shall request an assessment of the cybersecurity of the county's election system from a provider of cybersecurity assessments if the secretary of state recommends an assessment and the necessary funds are available. If a county election officer becomes aware of a breach of cybersecurity that impacts election data, the officer shall immediately notify the secretary of state. To the extent that state funds are available for the purpose, a county election officer shall implement cybersecurity measures to ensure that all devices with access to election data comply to the highest extent possible. See Tex. Elec. Code § 279.003. 51 Election Security Best Practices Guide, Texas Secretary of State Elections Division, (April 2020), https://www.sos.state.tx.us/elections/forms/election-security-best-practices.pdf.
