Karan Sondhi, Vice President and Chief Technology Officer for the Public Sector, Trellix, on ensuring the integrity of a US election played out in the cyber domain.
Approximately 2 billion voters across more than 60 countries will have voted by now or will participate in voting by the end of 2024. Elections have captured global attention and intensified the cyber domain.
As we reach election day here in the US, however, there is a spotlight on democracy and how imperative it is for the public to have confidence in the integrity of our election systems. Beyond ensuring that all votes are counted accurately and kept secure, election administrators are tasked with securing voter registration databases, election management software and associated IT infrastructure against malicious cyberattacks – all while misinformation and disinformation campaigns are sowing doubt in that trust.
In my work with customers, many of which are election administrators, I have a firsthand look at the immense pressure there is surrounding election infrastructure and ensuring its security. In fact, recent data noted that on just one day during the Democratic National Convention, more than 11m malicious activities were detected against US government organizations—exceeding daily average detections by 55 times.
A three-pronged approach for election administrators
After two decades in cybersecurity, I’ve learned that protecting election systems isn’t about a single solution – it’s about building multiple layers of defense through public-private partnerships. Every election office in the US has access to federal resources that, when combined with enterprise-grade extended detection and response (XDR) systems, create a formidable security posture.
To ensure they’re not left on their back foot if faced with a cyber incident, there are three core areas to prioritize.
- Multi-Layer Authentication & Access Control
It’s no secret that threat actors are becoming increasingly sophisticated. Multi-factor authentication isn’t just a best practice anymore – it’s a necessity for election security. When staff members need multiple ways to prove their identity before accessing sensitive systems, we dramatically reduce the risk of unauthorized access.
Election administrators should not only ensure they have implemented MFA as recommended by the Cybersecurity and Infrastructure Security Agency (CISA) Election Infrastructure Security Resource Guide, but also follow the FBI’s Protected Voices campaign guidance for access management. It’s also important to follow the resources outlined by CISA’s Joint Cyber Defense Collective (JCDC) to stay on top of authentication best practices.
Finally, the importance of regularly auditing user access permissions and removing outdated credentials, as well as educating employees about MFA fatigue attacks, cannot be overstated.
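The MFA fatigue (push-bombing) pattern mentioned above is easy to spot in authentication logs once you look for it. The following is an added example, not code from the article or from Trellix: it assumes a constructed log format of `timestamp user event`, and the window and prompt threshold are illustrative choices an administrator would tune to their own identity provider's data.

```python
"""Flag MFA push fatigue in authentication logs (added example, not Trellix code).

Assumed log format: ISO timestamp, username, event name, space separated.
Thresholds are illustrative and should be tuned to real volumes.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: alice is a normal login, bob is bombarded with
# prompts late at night until one is finally approved.
SAMPLE_LOG = """\
2024-11-05T08:00:05Z alice MFA_PUSH_SENT
2024-11-05T08:00:41Z alice MFA_PUSH_APPROVED
2024-11-05T22:13:02Z bob MFA_PUSH_SENT
2024-11-05T22:13:30Z bob MFA_PUSH_DENIED
2024-11-05T22:13:55Z bob MFA_PUSH_SENT
2024-11-05T22:14:20Z bob MFA_PUSH_DENIED
2024-11-05T22:14:50Z bob MFA_PUSH_SENT
2024-11-05T22:15:10Z bob MFA_PUSH_SENT
2024-11-05T22:16:02Z bob MFA_PUSH_APPROVED
"""

WINDOW = timedelta(minutes=10)   # sliding window for counting prompts
MAX_PUSHES = 3                   # more than this many prompts in WINDOW is suspicious


def parse(log_text):
    """Yield (timestamp, user, event) tuples from the assumed log format."""
    for line in log_text.splitlines():
        if line.strip():
            ts, user, event = line.split()
            yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event


def find_push_fatigue(log_text, window=WINDOW, max_pushes=MAX_PUSHES):
    """Return {user: {"pushes": n, "approved_after_burst": bool}} for every
    user who received more than max_pushes prompts inside one sliding window.
    An approval after the burst is the worst case: the prompt likely succeeded."""
    recent_pushes = defaultdict(list)
    alerts = {}
    for ts, user, event in parse(log_text):
        if event == "MFA_PUSH_SENT":
            # Keep only prompts still inside the window, then add this one.
            kept = [t for t in recent_pushes[user] if ts - t <= window] + [ts]
            recent_pushes[user] = kept
            if len(kept) > max_pushes:
                entry = alerts.setdefault(user, {"pushes": 0, "approved_after_burst": False})
                entry["pushes"] = len(kept)
        elif event == "MFA_PUSH_APPROVED" and user in alerts:
            alerts[user]["approved_after_burst"] = True
    return alerts


if __name__ == "__main__":
    for user, detail in find_push_fatigue(SAMPLE_LOG).items():
        print(f"ALERT {user}: {detail['pushes']} prompts in window, "
              f"approved afterwards: {detail['approved_after_burst']}")
```

On the constructed log only bob is flagged, with four prompts inside the window and a subsequent approval; that combination is the signal worth paging on rather than merely logging.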
- Infrastructure Protection & Monitoring
From experience working with both government agencies and global enterprises, I’ve learned that many election offices don’t realize CISA offers free vulnerability scanning and remote penetration testing services or fully leverage the robust resources for enhanced monitoring provided by CISA’s Shields Up program. Further, the FBI’s InfraGard program offers critical threat intelligence sharing.
While these services provide essential baseline protection, they work best when integrated with advanced endpoint security and XDR capabilities that can detect and respond to threats in real time.
We have analyzed countless cyber incidents where 24/7 monitoring made the difference between a minor incident and a major breach. For election systems, this continuous monitoring, aligned with NSA and CISA guidelines, becomes even more critical. Robust offline backups following NIST standards aren’t just good practice – they’re essential insurance for our democracy.
- Incident Response and Communication
Having overseen cybersecurity operations for large enterprises, I can’t emphasize enough how crucial incident response planning is. Every election office should have the FBI National Cyber Investigative Joint Task Force and CISA’s Regional Operations Center on speed dial, but they should also have modern security tools that can automatically detect and respond to threats. In cybersecurity, seconds matter.
State fusion centers are becoming the nerve centers of election security, connecting federal intelligence with local response teams. When CISA, the FBI, private sector security leaders and local election offices work together through these centers, we create a security network that’s much stronger than any single entity could provide.
In practice, this looks like coordinating with FBI field offices’ cyber task forces for incident response planning, registering with CISA’s Regional Operations Centers for 24/7 incident support, participating in CISA’s tabletop exercises for election security scenarios, and establishing communication protocols with the FBI’s Internet Crime Complaint Center (IC3), CISA’s Election Security Initiative team, the local FBI office’s cyber team and your state fusion center.
Securing elections for all
Just the threat of a breach can have a deep and lasting impact on public trust. Moreover, intrusions can occur at any time, not just on election day. We know bad actors are constantly working to breach networks or otherwise cause disruption any way they can. And these days, they are more empowered than ever with AI.
As someone who works daily with advanced threat detection and response systems, I know that protecting our election infrastructure requires both cutting-edge technology and strong partnerships. The tools and expertise are available – election administrators just need to take advantage of them. This isn’t about politics; it’s about protecting the fundamental infrastructure of our democracy using the best resources from both the public and private sectors.