Election Security Presented by: michelle K. tassinari Director and Legal counsel Elections division Office of the secretary of the commonwealth.

Slides:



Advertisements
Similar presentations
Election Night Results and Reporting Webinar 1. Application Overview Election Results Reporting provides an easy and just-in-time reporting of Statewide.
Advertisements

Social Network Security Issues: Social Engineering and Phishing Attacks Jeffrey Allen, Leon Gomez, Marlon Green, Phillip Ricciardi, Christian Sanabria.
Charlie Daniels Arkansas Secretary of State HAVA Compliant Voting Systems Security Considerations General Recommendations to Enhance Security and Integrity.
DOs & DON’Ts of EARLY VOTING Michael Winn Director of Elections Travis County Texas.
Election Observer Training 2008 Elections Certification & Training Program
Primary Election Process Party Executive Committee Certification Presented by: Elections Division of the Mississippi Secretary of State’s Office.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Electronic Poll Book Statutory Overview and VSTOP December 18, 2013 Brad King Co-Director, Indiana Election Division 2014 Election Administrators Conference.
Norman SecureSurf Protect your users when surfing the Internet.
External Threats to Healthcare Data Joshua Spencer, CPHIMS, C | EH.
1 Internet Security Threat Report X Internet Security Threat Report VI Figure 1.Distribution Of Attacks Targeting Web Browsers.
Council of Europe e-voting meeting Progress Report – Austria Andreas Ehringfeld INSO - Industrial Software Institute of Computer Aided Automation | Vienna.
Marketing of Information Security Products. The business case for Information Security Management.
MassVetsAdvisor.org An easy to use website that combines Veteran benefits and broadband adoption. CONNECTING THE COMMONWEALTH
ELECTIONS Upcoming Trends. ELECTIONS ADMINSTRATORS Duties o Protect the security and integrity of the elections o Redistricting o Secure polling locations.
Secretary of State Voting System Security Standards Juanita Woods Secretary of State Elections Division HAVA Information Security.
Georgia Electronic Voting System Testing and Security Voting Systems Testing Summit November 29, 2005.
Maritime Cyber Vulnerabilities in the Energy Sector Center for Joint Operations of the Sea ODU Maritime Institute Students Crow, Fresco, Lee.
Phishing: Trends and Countermeasures Blaine Wilson.
How and what to observe in e-enabled elections Presentation by Mats Lindberg, Election Adviser, Organisation for Security and Co-operation in Europe (OSCE)
Vote Center Regional Meeting April Today’s Discussion 1.Why vote centers 2.How to become a vote center county 3.Vote Center Clerk experiences 4.Questions.
Database Security Cmpe 226 Fall 2015 By Akanksha Jain Jerry Mengyuan Zheng.
Sources of Network Intrusion Security threats from network intruders can come from both internal and external sources.  External Threats - External threats.
Elections - The ultimate time constrained project Marie Gregoire, PMP 1.
1 AFCOM Data Center World March 15, 2016 Moderator: Donna Jacobs, MBA Panel: Greg Hartley Bill Kiss Adam Ringle, MBA ITM 9.2 The New Security Challenge:
Taking on Tomorrow's Challenges Today Taking on Tomorrow's Challenges Today Almost every organisation has been attacked …. But most don’t know about it!
AP CSP: Cybercrime.
Anytime, Anywhere Anyone (AAA) Internet Voting in India
for Election Infrastructure
CYBERSECURITY SOLUTIONS
Chapter 7: Identifying Advanced Attacks
State Board of Elections Computers
EVoting 23 October 2006.
CYBERSECURITY By Salomon Frangieh CISBC.
Canvassing, Reporting and Preserving Results
CONFIDENCE IN COLORADO’S ELECTIONS
Big Picture How many ways can a system be attacked? What can we do about it?
Jon Peppler, Menlo Security Channels
Improving Reliability of Direct Recording Electronic Voting Systems
Little work is accurate
Auburn Information Technology
Week 7 Securing Information Systems
Internet Worm propagation
Election Security Best Practices
Curating an Effective Security Culture
The usage of ICT in the election process in Bulgaria
Election Code Public Information
Texas Secretary of State Elections Division
Election Code Public Information
Texas Secretary of State Elections Division
Unit 1.6 Systems security Lesson 2
Election Code Public Information
Cybersecurity in Elections Infrastructure: Risks and Mitigations
David J. Carter, CISO Commonwealth Office of Technology
Election Code Public Information
Brute force attacks, DDOS, Botnet, Exploit, SQL injection
Election Night Returns and Canvassing
What The States Are Doing on Election Security
Back-End Data Security
Election Security Best Practices
Election Night Returns and Canvassing
Security week 1 Introductions Class website Syllabus review
Business Compromise and Cyber Threat
Policies and Procedures to Protect you, your Office and your Data
Cyber security and Computer Misuse
What is Phishing? Pronounced “Fishing”
WJEC GCSE Computer Science
Module 4 System and Application Security
Why Cyber Security is important to SME? Useful Tips on how you protect and secure your business. By Ronald Soh from Win-Pro Consultancy Pte Ltd
Idaho Secretary of State
Presentation transcript:

Election Security Presented by: michelle K. tassinari Director and Legal counsel Elections division Office of the secretary of the commonwealth Date FRIDAY, JUNE 7, 2019

Election Security Components of a Voting System: Voting equipment Statewide database of registered voters Electronic poll books

Voting Equipment Federal and state standards for certification of voting equipment Tabulators not connected to the internet Public logic and accuracy testing of tabulators Physical security measures of equipment: Ballot boxes are locked Tabulator locks into the ballot box Program cards locked into tabulator Paper ballots

Statewide Database (VRIS) Can only be accessed through the closed network that connects each of the local election offices to the SOC Users can only access VRIS using the workstations and equipment provided by the SOC Network monitoring Data is backed up nightly Back ups are tested Data audits conducted regularly

Electronic Poll Books MA law allows for use in elections, but must be certified by the SOC Currently no systems are certified Used previously for early voting Currently working on security standards and protocols

General Cybersecurity SOC maintains a full cybersecurity team staffed by experienced professionals Use of standards and protocols set by the National Institute of Standards and Technology Passwords, updates, patching, antivirus programs, physical security Requiring cybersecurity training for all users Working with state and federal partners DHS, FBI MA Fusion Center and Executive Office of Technology Services and Security MS-ISAC: Multi-State Information Sharing and Analysis Center

Challenges Cybersecurity requires protecting the entire infrastructure, not just elections Providing support to local election officials Many do not have IT staff readily available Technological skills vary Explaining the threats Phishing Emails Clickjacking DDOS Attacks DNS Compromise SQL Injections Misinformation Campaigns Social Engineering Social Media Compromise Phishing when a scammer uses fraudulent emails or texts, or copycat websites to get you to share valuable personal information. Clickjacking is an attack that tricks a web user into clicking a button, a link or a picture, etc. that the web user didn't intend to click. DDOS is a distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system. DNS Compromise  is an exploit in which an attacker takes advantage of vulnerabilities in the domain name system. – entire presentation topic DNS is basically PHONEBOOK directory of the internet. SQL injection is a type of attack that can give an adversary complete control over your web application database by inserting arbitrary SQL code into a database query. Misinformation Campaigns or fake news or disinformation meant to confuse or cause distrust or havoc. Social Engineering the use of deception to manipulate individuals into divulging confidential or personal information. Social Media Compromise – Facebook, Twitter, Snapchat, Instagram, Linkedin etc…

Contact info: Michelle K. Tassinari Director and Legal Counsel, Elections Division Office of the Secretary of the Commonwealth (617) 727-2828 Michelle.Tassinari@sec.state.ma.us