US election infrastructure is always changing and expanding in the attempt to safeguard the voting process and its results. And with the 2020 election coming up after what is widely believed to be a compromised 2016 voting process, politicians and private citizens alike are more concerned than ever about having a safe and effective election. The US continues to hire private companies in its goal to eliminate fraud, safeguard voter information, and protect the voting process itself.
However, cybersecurity is just one part of election infrastructure. This article defines the different aspects of election infrastructure in detail. If your company is providing products and services to the nation’s election infrastructure community, here is what you need to know:
Election infrastructure defined: What it includes and does not include
The Department of Homeland Security (DHS) defines election infrastructure as any technologies, equipment, processes, locations, or facilities that store components of, manage, carry out, or protect the voting process. On the other hand, campaigns, political action committees, and non-state and local groups are not considered part of the election infrastructure. Here is a summarized list of the DHS categories that comprise election infrastructure:
- Voter registration databases, and any associated IT systems needed to manage them
- IT infrastructure and associated systems that manage the elections, including a) systems put in place for the counting, auditing, and displaying the election results, and b) post-election reporting processes that are established to certify and validate poll results
- Voting systems and any associated infrastructure used to carry out the voting process
- Any storage facilities that house election and voting system infrastructure
- Polling places
Voter registration databases and associated IT systems
Voter registration databases, also known as voter files, are primarily digital. Voter files are built by commercial organizations hired to collect data on American voters and their voting habits (such as who registered to vote, or who voted in the last election). The DHS tells us that files provide substantial information on most of the US adult population to political professionals, candidates, pollsters, academics, and others who do research on elections.
The contents of voter files may come from random samples of voters. They may contain tallies of actual votes as well as the characteristics of voters in specific locations. These files may also include information from outside data sources like credit bureaus, political organizations, and consumer data vendors.
Voter registration databases may take the form of traditional web servers and database platforms that exist at state and/or local levels. As per the Center for Internet Security’s (CIS) handbook on election infrastructure security, voter registration systems are generally comprised of applications that use computing systems built on COTS (commercial off-the-shelf) hardware and software. Both registration systems may be part of a shared computing system, or they could be independent, dedicated systems with their own software.
IT infrastructure and systems for managing elections
These systems generally run on COTS software. Typically, each state has its own electronic management system (EMS) which handles backend activities for the election officials, according to the above-linked handbook. The local jurisdiction typically has a separate EMS that many times connects to the state’s system. The local EMS designs or builds ballots, programs the election database, and reports results, while the state EMS usually handles election night reporting and tracks military and overseas ballots. There is typically some type of connection between the two systems.
Not to be confused with auditing, counting within the election process consists of taking the tally of the vote. Counting can be done by hand by election workers or officials, completed by an automated scanner, or accomplished through using a combination of digital and manual processes.
The auditing process makes sure that the equipment and procedures used during the election worked properly and that the election produced accurate and correct results. The National Conference of State Legislatures (NCSL) distinguishes between recounts and post-election audits. While recounts are requested when there is a close margin of victory, post-election audits may be required regardless of the margin of victory. There are currently 38 states that perform post-election audits.
Displaying and publishing election results
Each state has different ways to communicate and present the results internally to the appropriate offices and the public. IT networks are used for reporting and publishing, and results are published on websites that are accessed by the public. Typically, a “direct and persistent” network connection will exist between the published site and the internet, according to the CIS handbook. The formats in which the results are published include:
- Extensible markup language (XML),
- Hypertext markup language (HTML),
- Portable document format (PDF),
- Comma-separated values (CSV).
Once the results are available to the media, journalists use a variety of ways to report the results to their news centers, which then release the results to the public. For instance, The Associated Press explains how their reporters avoid reliance on digital technologies when reporting on the national election. Instead, the AP has stringers in the 50 states collect the votes at a local level from a county clerk. The stringer then phones in the results, where they are manually keyed in, and subsequently checked and rechecked.
Voting systems and associated infrastructure
Voter registration systems also support paper and electronic poll books. In addition to maintaining each voter’s record, the databases are used to assign voters to the correct polling location, the CIS explains. The systems generate information that is sent back to the voter for verifying registration, finding their polling place, and searching for sample ballots. For these purposes, there is a master voter database at the state level.
Mechanisms for voter access
Many states provide voters with access to their registration system through the state DMV. In some cases, the voter registration system may also run through a county or state registration portal directly, or indirectly by registering on paper and mailing in the form.
Vote capture devices
Vote capture devices are the devices or physical mechanisms used to cast and record actual votes. Approaches and methods vary within and across jurisdictions. At some voting locations, voters may have the choice of paper ballots or electronic machines on election day. In addition, a polling site may provide one method for voting for the general population and another for those voters who need accommodations for language or for disabilities.
Storage facilities for election and voting system infrastructure
Storage facilities and voting system infrastructure include buildings, devices, and any online or offline means of storing election-related information. In some states, offline legacy storage systems such as thumb devices, CDs, and DVDs were still being used within the last five years to transport poll results from local precincts to jurisdiction headquarters. Also, once polling data is no longer in use, it may be stored in offline facilities where it remains indefinitely.
Polling places — including any early polling locations — are considered an essential part of election infrastructure. They require a high level of protection to ensure that an anonymous voting process is unhindered and is successfully carried out.
Jurisdictions and precincts
Traditionally, each voting jurisdiction is divided into precincts, the lowest level of a voting jurisdiction. Residents within each jurisdiction report to a specific precinct that has been established in a school or other community location where they cast their votes.
Alternative voting sites
The use of alternatives to traditional precincts is now becoming common throughout the US. At an alternative voting site, voters residing anywhere within the jurisdiction may show up to vote. In fact, some states are using alternative voting sites as an option while others are making them a requirement.
Relevant Government Organizations
Besides the Patriot Act of 2001 (which was later extended to include election infrastructure), two other governing authorities exist that regulate election infrastructure. These two are the National Infrastructure Protection Plan (NIPP) and Presidential Policy Directive 21, which was created in 2013. In addition, there are multiple government organizations that support and protect election infrastructure. Here are some of the most significant groups:
The Department of Homeland Security (DHS)
In 2017, the Department of Homeland Security designated the election infrastructure as part of the nation’s critical infrastructure, making it officially part of the Government Facilities Sector. The Department of Homeland Security works through the Cybersecurity and Infrastructure Security Agency to provide services to state and local election officials in preparing for, managing, and carrying out their election duties. It strives to reduce any cyber and physical risks that their facilities and election systems may be exposed to. With this designation, the National Infrastructure Protection Plan (NIPP) is applicable and may be used in support of the election infrastructure community.
The Government Facilities Sector
The Government Facilities Sector is comprised of different buildings located throughout the US and overseas that are owned or leased by federal, state, local, and tribal governments. Many government facilities are open to the public, while others contain highly sensitive information processes, materials, and equipment, including those that relate to elections. Here are examples of the buildings that make up the government facilities sector:
- Physical structures that house critical systems, networks, and other equipment used for voting
- Non-physical infrastructures, including cyber elements and individuals with tactical or strategic knowledge that operate and protect government sector assets (such as closed-circuit television systems and access control systems)
- General-use office buildings
- Special-use military installations
- National laboratories
Cybersecurity and Infrastructure Security Agency (CISA)
The DHS works through CISA to assist state and local election officials in reducing physical and cyber risk to their election facilities and systems. In turn, CISA collaborates with other members of the election infrastructure community who are charged with managing risk to the US election infrastructure, such as vendors, state and local governments, federal partners, and election officials.
The National Association of Secretaries of State (NASS)
NASS is composed of the Secretaries of State of all the US states and territories. One of the responsibilities of NASS is addressing election management issues such as voting procedures and voter turnout. It is also concerned with how election-related data is transmitted and archived.
National Association of State Election Directors (NASED)
NASED is a non-partisan professional organization that ensures elections are accessible, transparent, and accurate by making best practices and other vital information on managing elections available to each state. The organization’s members are comprised of election directors throughout the country who implement election laws and policies in their states and maintain voter registration databases.
Election Assistance Commission (EAC)
The EAC provides support to state and local election officials as they work to provide secure, accurate elections that are accessible to everyone. It serves as a national clearinghouse of information on election administration, accredits testing laboratories, and audits the use of Help America Vote Act funds.
Election infrastructure and its challenges
Providing cybersecurity for the myriad aspects of election infrastructure in today’s rapidly transforming digital age remains a challenge. Part of that challenge is that election infrastructure is highly varied, applying to physical devices and storage facilities, virtual and physical processes, and personnel with strategic skills or expertise. Another challenge is that election infrastructure being used on local levels may include legacy methods and devices. Finally, state and local levels of the election infrastructure employ a variety of methods in their processes, both manual and digital, to gather and transmit election data. Companies specializing in cybersecurity must continue to invest in their growth to keep up with the election infrastructure community’s changing cybersecurity needs as the 2020 national elections approach.
Option3Ventures is the leading venture capital management firm that provides growth and support to companies in management, analytics, and information security. Let Option3Ventures help your cybersecurity company find the venture capital it needs for continued growth in the 21st century. For more information on how Option3Ventures can help, please contact us.