DOCSLIB.ORG

Election Committee Strategic Plan

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Election Committee Strategic Plan ELECTION COMMITTEE STRATEGIC PLAN Chair: Secretary Connie Lawson | Co-Chair: Beth Dlug September 2018 Indiana Executive Council on Cybersecurity Election Committee Plan IECC: Election Committee 1 Contents Committee Members .................................................................................................................... 6 Introduction ................................................................................................................................... 8 Executive Summary .................................................................................................................... 10 Research ....................................................................................................................................... 13 Deliverable: Statewide Voter Registration System (SVRS) Cybersecurity Enhancements . 20 General Information .................................................................................................................. 20 Implementation Plan ................................................................................................................. 21 Evaluation Methodology ........................................................................................................... 24 Deliverable: SVRS Network User Access Control Enhancement .......................................... 26 General Information .................................................................................................................. 26 Implementation Plan ................................................................................................................. 27 Evaluation Methodology ........................................................................................................... 31 Deliverable: Election System Physical and Logical Security Controls .................................. 34 General Information .................................................................................................................. 34 Implementation Plan ................................................................................................................. 35 Evaluation Methodology ........................................................................................................... 38 Deliverable: Post-Election Risk Limiting Audit Standards and Pilot Program ................... 40 General Information .................................................................................................................. 40 Implementation Plan ................................................................................................................. 41 Evaluation Methodology ........................................................................................................... 46 Deliverable: Cyber Threat Awareness and Training for County Election Administrators 48 General Information .................................................................................................................. 48 Implementation Plan ................................................................................................................. 49 Evaluation Methodology ........................................................................................................... 52 Deliverable: Election Day Cybersecurity Tabletop Exercises ................................................ 55 General Information .................................................................................................................. 55 Implementation Plan ................................................................................................................. 56 Evaluation Methodology ........................................................................................................... 59 Deliverable: Indiana Best Practices Manual for the Operation of Election Equipment ...... 61 General Information .................................................................................................................. 61 Implementation Plan ................................................................................................................. 62 IECC: Election Committee 2 Evaluation Methodology ........................................................................................................... 66 Deliverable: Election Day Cybersecurity Emergency Preparedness Plans ........................... 68 General Information .................................................................................................................. 68 Implementation Plan ................................................................................................................. 69 Evaluation Methodology ........................................................................................................... 72 Deliverable: Election Day Cybersecurity Monitoring and Rapid Response Technical Support ....................................................................................................................................... 74 General Information .................................................................................................................. 74 Implementation Plan ................................................................................................................. 75 Evaluation Methodology ........................................................................................................... 78 Deliverable: Election Cybersecurity Public Education and Awareness ................................ 80 General Information .................................................................................................................. 80 Implementation Plan ................................................................................................................. 81 Evaluation Methodology ........................................................................................................... 84 Deliverable: Election Cybersecurity Incident Response and Communications .................... 86 General Information .................................................................................................................. 86 Implementation Plan ................................................................................................................. 87 Evaluation Methodology ........................................................................................................... 90 Deliverable: Catalog and Summaries of Best Election Cybersecurity Reports and Guides 92 General Information .................................................................................................................. 92 Implementation Plan ................................................................................................................. 93 Evaluation Methodology ........................................................................................................... 96 Supporting Documentation ........................................................................................................ 98 Center for Internet Security (CIS) Handbook for Elections Infrastructure Security ................. 99 Department of Homeland Seucirty (DHS) Multi-State Information Sharing and Analysis Center (MS-ISAC) ISAC Pilot for Eelction Infrastructure................................................... 174 Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) Common Cyber Security Language ........................................ 193 Election Assistance Commission (EAC) Glossary of Common Cybersecurity Terms .......... 201 Election Assistance Commission (EAC) U.S. Election Systems as Critical Infrastructure Addendum I: Glossary of Key Terms and Acronyms .......................................................... 209 Harvard Kennedy School Belfer Center Campaign Cybersecurity Playbook......................... 222 Harvard Kennedy School Belfer Center Election Cyber Incident Communications Coordination Guide ............................................................................................................... 249 IECC: Election Committee 3 Harvard Kennedy School Belfer Center The State and Local Election Cybersecurity Playbook ............................................................................................................................... 284 National Association of Elections Officials Election Center Elections Cybersecurity Checklist ............................................................................................................................... 357 Voting System Technical Oversight Program at Ball State University (VSTOP) Indiana Best Practices Manual for the Operation of Election Equipment ................................................. 366 Voting System Technical Oversight Program at Ball State University (VSTOP) Risk Limiting Audit (RLA) Pilot ................................................................................................................. 395 Voting System Technical Oversight Program at Ball State University (VSTOP) Risk Limiting Audit (RLA) Pilot Report ..................................................................................................... 454 IECC: Election Committee 4 Committee Members IECC: Election Committee 5 Committee Members Name Organization Title Committee/Workgroup IECC Position Membership Type Connie Secretary of State Secretary of State Chair Voting Lawson Beth Dlug Allen County Elections
Load more

Recommended publications
  • Agenda Document No. 18-43-A
    FEDERAL ELECTION COMMISSION AGENDA DOCUMENT NO. 1 8-43-A Washington, DC 20463 AGENDA ITEM For meeting of October 11, 2018 SUBMITTED LATE MEMORANDUM TO: The Commission FROM: Lisa J. Stevenson Acting General Counsel Neven F. Stipanovic Acting Associate General Counsel Robert M. Knop Assistant General Counsel Joseph P. Wenzinger Attorney Subject: AO 2018-12 (Defending Digital Campaigns, Inc.) Draft A Attached is a proposed draft of the subject advisory opinion. Members of the public may submit written comments on the draft advisory opinion. We are making this draft available for comment until 9:00 am (Eastern Time) on October 11, 2018. Members of the public may also attend the Commission meeting at which the draft will be considered. The advisory opinion requestor may appear before the Commission at this meeting to answer questions. For more information about how to submit comments or attend the Commission meeting, go to https://www.fec.gov/legal-resources/advisory-opinions-process/ Attachment 1 ADVISORY OPINION 2018-12 2 3 Marc E. Elias, Esq. DRAFT A 4 Perkins Coie LLP 5 700 13th Street, NW, #600 6 Washington, DC 20005 7 8 Michael E. Toner, Esq. 9 Wiley Rein LLP 10 1776 K Street, NW 11 Washington, DC 20006 12 13 Dear Messrs. Elias and Toner: 14 We are responding to your advisory opinion request on behalf of Defending Digital 15 Campaigns, Inc. (“DDC”), concerning the application of the Federal Election Campaign Act, 52 16 U.S.C. §§ 30101-45 (the “Act”), and Commission regulations to its proposal to provide or 17 facilitate the provision of certain cybersecurity services, software, and hardware for free or at a 18 reduced cost to federal candidate committees and national party committees (collectively, 19 “federal candidates and parties”) on a nonpartisan basis and according to pre-determined, 20 objective criteria.
    [Show full text]
  • Party Foul: Inside the Rise of Spies, Mercenaries, and Billionaire Moneymen -- Printout -- TIME
    Party Foul: Inside the Rise of Spies, Mercenaries, and Billionaire Moneymen -- Printout -- TIME Back to Article Click to Print Monday, Mar. 03, 2014 Party Foul: Inside the Rise of Spies, Mercenaries, and Billionaire Moneymen By Alex Altman; Zeke Miller On a cold Saturday in January, a spy slipped into a craft brewery in downtown Des Moines, Iowa, where Hillary Clinton's standing army was huddled in a private room. The 43-year-old operative lurked in the corner with a camera on a tripod, recording the group of old Clinton hands as they plotted her path to the presidency. "Nobody," veteran Democratic strategist Craig Smith told the group, "had ever done it like this before." Within hours, a clip of the gathering was shipped to the snoop's employer, a for-profit research firm in northern Virginia. From there, it was packaged for a conservative magazine and subsequently went viral online. It was an early score in a presidential election that won't officially begin for another year--and it happened without any involvement from a candidate or either party. The Clintonites were members of Ready for Hillary, a super PAC that is spending millions of dollars to assemble a grassroots battalion for the former Secretary of State's campaign-in-waiting. And the infiltrator was one of more than two dozen "trackers" dispatched across 19 states by a company looking to damage Democrats. This is the dawn of the outsourced campaign. For decades, elections have been the business of candidates and political parties and the professionals they employed. People with names on the ballot bought their own ads and wielded the ability to smite enemies with a single phone call.
    [Show full text]
  • The Cybersecurity Campaign Playbook: European Edition
    The Cybersecurity Campaign Playbook European Edition DEFENDING DIGITAL DEMOCRACY MAY 2018 Adapted in partnership with International Republican Institute Defending Digital Democracy Project Belfer Center for Science and International Affairs Harvard Kennedy School 79 JFK Street Cambridge, MA 02138 www.belfercenter.org/D3P European Version partners: The National Democratic Institute www.ndi.org The International Republican Institute www.iri.org Statements and views expressed in this document are solely those of the authors and do not imply endorsement by Harvard University, the Harvard Kennedy School, or the Belfer Center for Science and International Affairs. Design & Layout by Andrew Facini Cover photo: A Slovenian casts his ballot in a box bearing a European Union crest at a polling station in Grosuplje near Ljubljana, Sunday, Oct. 3, 2004. Nationwide general elections are taking place in Slovenia on Sunday. Slovenia joined the EU and NATO earlier this yea. (AP Photo/Darko Bandic) Copyright 2018, President and Fellows of Harvard College DEFENDING DIGITAL DEMOCRACY MAY 2018 The Cybersecurity Campaign Playbook European Edition Contents Welcome ........................................................................................................3 Authors and Contributors ................................................................................................................... 5 The Playbook Approach ...................................................................................................................... 6 Introduction
    [Show full text]
  • Lessons and Recommendations from the 2020 General Election
    S T R E N G T H E N I N G O U R E L E C T I O N S A N D P R E V E N T I N G E L E C T I O N C R I S E S : Lessons and Recommendations from the 2020 General Election Executive Summary The 2020 election was defined by paradox and contradiction. Thanks to millions of poll workers, election officials, and citizens who stepped up to make our democracy work, the election was secure and free from systemic or significant fraud. A record 160 million Americans voted and had their voices heard. Yet still, voter intimidation and racial disparities in access to the ballot continued, our election system was revealed to be aging and unnecessarily confusing, Americans weathered a wave of disinformation and, of course, there were unprecedented efforts to delegitimize and overturn the election results—ultimately leading to a crisis the likes of which we’ve not experienced in modern history. In the end, Congress counted all of the electoral votes, but only after President Trump sought to both coerce federal and state officials to overturn the results, and incited a violent insurrection. This attack on our democracy culminated with white supremacist rioters attacking the Capitol seeking to not only overturn the Constitutional order, but also to take hostages and assassinate members of Congress and the Vice President. While American democracy has survived this crisis so far, we will only be able to prevent the next one if we both 1) ensure accountability for all those who incited, abetted, and participated in the insurrection, and 2) adopt preventative reforms based on the lessons we learned in this election.
    [Show full text]
  • Putin, Trump and Democracy's Slippery Slope Toward Oligarchy
    Putin, Trump and Democracy’s Slippery Slope Toward Oligarchy Acknowledgments The Common Cause Education Fund is the research and public education affiliate of Common Cause, founded in 1970 by John Gardner. Common Cause is a nonpartisan, grassroots organization dedicated to upholding the core values of American democracy. We work to create open, honest and accountable government that serves the public interest; promote equal rights, opportunity, and representation for all; and empower all people to make their voices heard in the political process. This report was produced with the support of small dollar contributions from Americans who believe in transparent, open, and accountable govern- ment, as well as generous grants from the WhyNot Initiative and the Philip & Janice Levin Foundation. It was written by Joe Maschman, a Common Cause legal fellow, and edited by Paul Seamus Ryan, vice president for policy and litigation; Scott Swenson, vice president for communications, Susannah Goodman, director of voting integrity; and Dale Eisman, senior writer/editor. The authors and editors wish to express our thanks to Kerstin Diehn for her design and to Common Cause President Karen Hobert Flynn for her guidance and encouragement in the preparation of this report. Introduction Americans are more united than those who benefit from division want us to believe. Republicans, Democrats, and Independents largely agree that registration and voting should be secure, modern, and convenient, and that all eligible people should be encouraged to vote. As voters, we recognize that the more people who participate in our elections, the better it is for our democracy, making it more likely that the representatives who are elected will listen to the people.
    [Show full text]
  • Carterand Rosenbach
    Fall/Winter 2017–2018 www.belfercenter.org Carter and Rosenbach ENVISION THE BELFER CENTER’S FUTURE When Ash Carter became Secretary of Defense in Their playbook is well-suited to guide a similar effort 2015, he inherited the finest fighting force the world has at the Belfer Center. As Director and Co-Director, Carter ever known. Together with Chief of Staff Eric Rosenbach, and Rosenbach have inherited from Graham Allison the they promptly set out to make it even better. By clarifying world’s No. 1-ranked university think tank. They intend America’s strategic posture, diversifying talent, opening to build on that success by sustaining the Center’s core all positions to women, and thickening relations with mission while widening its aperture; enhancing its unique Silicon Valley and other centers of innovation, Carter and ability to leverage science and technology to meet global Rosenbach left no stone unturned in their drive to opti- challenges; and priming the next generation of leaders in mize the U.S. military’s two critical ingredients: people both scholarship and policymaking. and technology. CONTINUED ON PAGE 3 » PLUS: DEFENDING DIGITAL DEMOCRACY ■ DEFEATING ISIS ■ NEW SENIOR FELLOWS www.belfercenter.org From the Director s Secretary of Defense from 2015 to 2017, AI served a mission vital to global peace and prosperity. I met often with foreign leaders, generals, senators, and CEOs. And because the BELCHER JAKE / MIT military’s excellence depended largely on selfless people and unrivalled technology, I prioritized diversifying our pool of talent and deepening our sources of innovation. Today, I’ve moved from the Potomac to the Charles, but my cause con- tinues.
    [Show full text]
  • December 19, 2017 Records, FOIA, and Privacy Branch Office of Environmental Information Environmental Protection Agency 1200
    December 19, 2017 VIA ELECTRONIC MAIL Records, FOIA, and Privacy Branch Office of Environmental Information Environmental Protection Agency 1200 Pennsylvania Avenue NW (2822T) Washington, DC 20460 [email protected] Re: Freedom of Information Act Request Dear Freedom of Information Officer: Pursuant to the Freedom of Information Act (FOIA), 5 U.S.C. § 552, and the implementing regulations of the Environmental Protection Agency (EPA), 40 C.F.R. Part 2, American Oversight makes the following request for records. On December 15, Mother Jones and the New York Times reported that EPA signed a $120,000 no-bid contract with Definers Public Affairs to provide media services.1 Definers was founded by Joe Pounder and Matt Rhoades, two longtime Republican political operatives. Mr. Pounder and Mr. Rhoades previously founded America Rising, a Republican political opposition research firm. The Times also reported that since President Trump took office, at least 40 FOIA requests have been submitted to the EPA by Allan Blutstein, a vice president for both Definers and America Rising. Many of those requests sought records about EPA employees who had been critical of the Trump administration. Earlier today, it was reported that EPA had decided to cancel the contract with Definers Public Affairs.2 However, many questions remain about the initial decision to award a no-bid contract to 1 See Rebecca Leber et al., The EPA Hired a Major Republican Opposition Research Firm to Track Press Activity, MOTHER JONES (Dec. 15, 2017, 6:00 AM), http://www.motherjones.com/politics/2017/12/the-epa-hired-a-major-republican-opposition- research-firm-to-track-press-activity/; Eric Lipton & Lisa Friedman, E.P.A.
    [Show full text]
  • December 19, 2017 SUBMITTED ELECTRONICALLY Honorable Arthur A. Elkins Jr. Inspector General EPA Office of Inspector General 1
    December 19, 2017 SUBMITTED ELECTRONICALLY Honorable Arthur A. Elkins Jr. Inspector General EPA Office of Inspector General 1200 Pennsylvania Ave, NW (2410T) Washington, D.C. 20460 Re: Suggestions for Audits and Evaluations Dear Mr. Elkins, The mission of EPA’s Office of the Inspector General is to “prevent and detect fraud, waste, and abuse through independent oversight of the programs and operations of the Environmental Protection Agency.”1 We respectfully request that the Office of the Inspector General immediately open an investigation into EPA’s decision to award a $120,000 no-bid contract to Definers Public Affairs Corporation for “news analysis and brief service focusing on EPA work and other topics of interest to EPA,” as well as EPA’s interactions with key Definers affiliates and staff members.2 Although EPA reportedly intends to terminate its contract with Definers3 in light of widespread concern,4 a full investigation is essential to determine whether EPA’s multi- faceted interactions with Definers and its affiliates has led to improper uses of agency resources. In particular, EPA’s no-bid $120,000 contract award to Definers Public Affairs Corporation raises serious questions of potential “waste, fraud, and abuse”: the organization’s partisan character and on-going promotion of Administrator Pruitt suggest that inappropriate 1 EPA Office of Inspector General, About EPA’s Office of Inspector General, https://www.epa.gov/office- inspector-general/about-epas-office-inspector-general#who_what_why. 2 https://www.usaspending.gov/Transparency/Pages/AwardSummary.aspx?AwardID=59978626. 3 See, e.g., https://www.washingtonpost.com/news/energy-environment/wp/2017/12/19/epa-to-end- controversial-contract-with-conservative-media-monitoring-firm/?utm_term=.6e3f99ccd0da; https://twitter.com/PounderFile/status/943172637202755584.
    [Show full text]
  • Securing America's Electoral Systems
    SECURING AMERICA’S ELECTORAL SYSTEMS By Matthew Keating INTRODUCTION In the spring 0f 2017, the American public was made aware of the details of the Russian government’s interference with the 2016 U.S. Presidential election, which included the manipulation of online social media accounts, the proliferation of “fake news” websites, and the hacking of major political campaigns, national party organizations, and even voting machine hardware. While there is no evidence that Russia was able to directly manipulate vote counts, the ability of foreign agents to influence American voters through either direct or indirect social and digital manipulation poses a serious A typical electronic threat to the stability and sovereignty of American democracy. voting machine that The issue of election interference was highly politicized for the may be susceptible first two years of the Trump administration. Most recently, the to electronic publishing of the Special Counsel Investigation (or “Mueller Report” interference. as it is commonly known)—which largely exonerated the 2016 Trump Associated Press campaign staff on charges of collusion—may present the most politically viable time in years for Democrats and Republicans to [This is where you come together to address the issue of foreign election interference. will describe the Given the severity of the past and future threats, there is keen image and why it’s interest for the United States House Intelligence Committee to devise relevant for your some kind of solution which would allow both individual states and briefing topic.] the federal government to combat foreign interference ahead of the [Image Source Here upcoming 2020 Presidential elections.
    [Show full text]
  • States Are on Front Lines of 2020 Election-Security Efforts
    States are on front lines of 2020 election-security efforts By Christina A. Cassidy The Associated Press Dec 26, 2019 SPRINGFIELD, Va. — Inside a hotel ballroom near the nation’s capital, a U.S. Army officer with battlefield experience told 120 state and local election officials that they may have more in common with military strategists than they might think. These government officials are on the front lines of a different kind of battlefield — one in which they are helping to defend American democracy by ensuring free and fair elections. “Everyone in this room is part of a bigger effort, and it’s only together are we going to get through this,” the officer said. That officer and other past and present national security leaders had a message to convey to officials from 24 states gathered for a recent training held by a Harvard-affiliated democracy project: They are the linchpins in efforts to defend U.S. elections from an attack by Russia, China or other foreign threats, and developing a military mindset will help them protect the integrity of the vote. The need for such training reflects how elections security worries have heightened in the aftermath of the 2016 election, when Russian military agents targeted voting systems across the country as part of a multi-pronged effort to influence the presidential election. Until then, the job of local election officials could had been described as akin to a wedding planner who keeps track of who will be showing up on Election Day and ensures all the equipment and supplies are in place.
    [Show full text]
  • Belfer Center Newsletter: Spring 2018
    Spring 2018 www.belfercenter.org BUILDING Cyber Defenses FOR U.S. ELECTIONS by Josh Burek utdated technology. A patchwork of different systems. Front-line Undaunted, a group of young civil servants is working directly Ostaff without formal training. From the standpoint of malicious with political operatives and state and local officials to fortify cam- hackers, U.S. political campaigns and election systems present a rich paigns and elections against cyberattacks and information operations: array of vulnerable targets without critical information or training. Harvard Kennedy School students affiliated with the Belfer Center’s “Frankly, the United States is under attack,” Director of National Defending Digital Democracy Project (D3P). Intelligence Dan Coats told the Senate Intelligence Committee in Founded and led by Belfer Center Co-Director Eric Rosenbach, February, adding that Russia is attempting to “degrade our democratic the Pentagon’s former “cyber czar,” D3P has become a kind of digital values and weaken our alliances.” avengers squad, featuring cyber security professionals, communica- “This is not going to change or stop,” said National Security tions specialists, lawyers, political consultants, and national security Agency Director Admiral Mike Rogers. experts. At a time when even IT operations have taken on partisan Despite the ongoing threat, Washington—hamstrung by internal overtones, D3P is emphatically bipartisan: it is co-directed by Robby divisions—has yet to develop a comprehensive plan to bolster our Mook, Hillary Clinton’s 2016 campaign manager, and Matt Rhoades, democratic defenses. Mitt Romney’s 2012 campaign manager. CONTINUED ON PAGE 3 » Securing Elections: State and local election officials from West Virginia, North Carolina, and Pennsylvania tackle a simulated cyber attack on voting infrastructure during a D3P tabletop exercise in December.
    [Show full text]
  • Securing America's Digital Democracy: Preparing for 2020 Prepared
    Securing America’s Digital Democracy: Preparing for 2020 Prepared Statement by Honorable Eric Rosenbach Co-Director of the Belfer Center for Science and International Affairs at Harvard Kennedy School; former Chief of Staff to the Secretary of Defense and Assistant Secretary of Defense for Homeland Defense and Global Security Before the United States House Committee on Appropriations Subcommittee on Financial Services and General Government Hearing on Election Security and the Integrity of Election Systems February 27, 2019 Introduction Thank you Chairman Quigley and Ranking Member Graves for the invitation to speak to your committee today. It is an honor to be here today to speak to you about our nation’s election security and the integrity of our election systems. The House Committee on Appropriations’ Subcommittee on Financial Services and General Government has jurisdiction over many of the independent federal agencies that are critical to election security in the U.S., including the Election Assistance Commission (EAC) and the Federal Election Commission (FEC). Your subcommittee can play a leading role in helping ensure our democracy is secure and resilient in the face of a myriad of threats. In early February, the U.S. Intelligence Community confirmed that, “there is no evidence to date that any identified activities of a foreign government or foreign agent had a material impact on the integrity or security of election infrastructure or political and campaign infrastructure used in the 2018 midterm elections for the United States Congress.”1 This is certainly a testament to the increased preparedness of state and local election officials; however, we simply should not assume our adversaries have moved away from targeting U.S.
    [Show full text]