Presentation is loading. Please wait.

Presentation is loading. Please wait.

Election Security Presented by: michelle K. tassinari Director and Legal counsel Elections division Office of the secretary of the commonwealth.

Similar presentations


Presentation on theme: "Election Security Presented by: michelle K. tassinari Director and Legal counsel Elections division Office of the secretary of the commonwealth."— Presentation transcript:

1 Election Security Presented by: michelle K. tassinari Director and Legal counsel Elections division Office of the secretary of the commonwealth Date FRIDAY, JUNE 7, 2019

2 Election Security Components of a Voting System: Voting equipment
Statewide database of registered voters Electronic poll books

3 Voting Equipment Federal and state standards for certification of voting equipment Tabulators not connected to the internet Public logic and accuracy testing of tabulators Physical security measures of equipment: Ballot boxes are locked Tabulator locks into the ballot box Program cards locked into tabulator Paper ballots

4 Statewide Database (VRIS)
Can only be accessed through the closed network that connects each of the local election offices to the SOC Users can only access VRIS using the workstations and equipment provided by the SOC Network monitoring Data is backed up nightly Back ups are tested Data audits conducted regularly

5 Electronic Poll Books MA law allows for use in elections, but must be certified by the SOC Currently no systems are certified Used previously for early voting Currently working on security standards and protocols

6 General Cybersecurity
SOC maintains a full cybersecurity team staffed by experienced professionals Use of standards and protocols set by the National Institute of Standards and Technology Passwords, updates, patching, antivirus programs, physical security Requiring cybersecurity training for all users Working with state and federal partners DHS, FBI MA Fusion Center and Executive Office of Technology Services and Security MS-ISAC: Multi-State Information Sharing and Analysis Center

7 Challenges Cybersecurity requires protecting the entire infrastructure, not just elections Providing support to local election officials Many do not have IT staff readily available Technological skills vary Explaining the threats Phishing s Clickjacking DDOS Attacks DNS Compromise SQL Injections Misinformation Campaigns Social Engineering Social Media Compromise Phishing when a scammer uses fraudulent  s or texts, or copycat websites to get you to share valuable personal information. Clickjacking is an attack that tricks a web user into clicking a button, a link or a picture, etc. that the web user didn't intend to click. DDOS is a distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system. DNS Compromise  is an exploit in which an attacker takes advantage of vulnerabilities in the domain name system. – entire presentation topic DNS is basically PHONEBOOK directory of the internet. SQL injection is a type of attack that can give an adversary complete control over your web application database by inserting arbitrary SQL code into a database query. Misinformation Campaigns or fake news or disinformation meant to confuse or cause distrust or havoc. Social Engineering the use of deception to manipulate individuals into divulging confidential or personal information. Social Media Compromise – Facebook, Twitter, Snapchat, Instagram, Linkedin etc…

8 Contact info: Michelle K. Tassinari Director and Legal Counsel, Elections Division Office of the Secretary of the Commonwealth (617)


Download ppt "Election Security Presented by: michelle K. tassinari Director and Legal counsel Elections division Office of the secretary of the commonwealth."

Similar presentations


Ads by Google