Jim Richberg, Public Sector Field CISO, Fortinet
Managing Risk and IT Investment in the 2020 Elections
We face a perfect storm of five COVID-related factors in conducting the 2020 elections.
- PARTICIPATION IS UP
- COST IS UP
- COMPLEXITY IS UP
- SECURITY RISK IS UP
- GOVERNMENT RESOURCES ARE DOWN
Given these challenges, election officials need to take a hard-headed approach to risk management, especially as they implement support to increased absentee/mail-in voting.
Recommendations for Risk Management
A risk management strategy can help identify the critical elements of the problem and break them down into bite-sized “chunks.”
- Focus on minimizing likelihood or impact of non-recoverable errors. This entails balancing high profile/embarrassing outcomes (such as slow tallying of results) that you can ultimately work through against those where the consequences may be irreversible (such as those that affect voter participation).
- Identify which processes and issues can be handled by ‘more of the same’ (i.e., adding resources) and which require a change in procedure, technology, or location.
- Have a multi-tiered contingency plan in place for making prompt use of additional funding. If you receive additional resources from the Federal government this summer, now is the time to figure out how to spend this funding effectively.
- Find a trusted advisor who has expertise on the core issues, the technology, and who knows your environment and available options such as shared services. An advisory team should ideally include someone who knows the state’s legal landscape, someone who knows election system technology, and someone with expertise in IT and cybersecurity solutions.
Leveraging Information Technology
Automation is key to successfully doing more with less. Officials should consider the following for optimizing the impact of their investment.
- Look for innovative IT solutions. Secure cloud services and Software-Defined Networking—especially in the form of SD-WAN and SD Branch services—can enhance networking and connectivity. These technologies are cheaper, more flexible, provide a better user experience, and can be used for non-election government IT purposes as well.
- Look for dual use or multipurpose IT options. If you don’t have the money to do everything necessary, security is likely to be on the list of functions left unfunded. Look for options where security is fully integrated into the technology solution --such as Secure SD-WAN products, which offer networking performance and security.
- Find and work with a trusted partner to triage your election security priorities. Even if you look for multipurpose solutions, there are likely to be functions such as endpoint security or multifactor authentication that are fundamentally about security. The right partner can help you:
- Take advantage of security device consolidation to reduce Total Cost of Ownership
- Emphasize “Zero touch” provisioning and operation so that a solution can be “plug-and-play”
- Ensure maximum interoperability with other security products
Despite the challenges, this is an issue where we collectively cannot afford to fail. The American people expect and deserve free, fair, safe, and secure elections