On March 15, the University of Maryland School of Public Policy and the Center for Public Policy and Private Enterprise (CPPPE) hosted the Center for Internet Security (CIS) for an Elections Infrastructure Cybersecurity panel discussion.
The event served as the public release of the Handbook for Elections Infrastructure Security. SPP Dean Robert C. Orr told the audience, “Normally, launching a handbook would not be news, but when you put cybersecurity and elections together in one sentence, you get the policy equivalent of a category five storm. What we face as a country is a real governance challenge.”
Orr introduced CPPPE Director David Mussington to speak with the audience before the panel discussion. Mussington was a community contributor of the handbook and he leads cybersecurity efforts at the School. Last October, the School and CIS announced an agreement establishing a multidisciplinary partnership for cybersecurity.
“I’d like to emphasize the value of the partnership between CIS and SPP,” Mussington said. “It’s important to share cybersecurity best practices, as in this manual.”
Mussington then introduced the moderator for the discussion, John Gillian, executive chairman for the Center for Internet Security and contributor to the Handbook for Elections Infrastructure Security. “Cybersecurity is not a new topic,” Gillian said. “Elections are different. They’re the bedrock of our democracy, so there’s some anxiety around attacks on elections.”
The distinguished panel included:
- Amy Cohen, Director of Government Outreach, Democracy Works
- Thomas E. Connolly, Director of Election Operations, NY State Board of Elections
- Michael Garcia, Consultant, Center for Internet Security; Primary Author, Handbook for Elections Infrastructure Security
- Secretary Connie Lawson, President, National Association of Secretaries of State; Secretary of State for Indiana
- Matt Masterson, Commissioner, U.S. Elections Assistance Commission
During the event, the panelists discussed the best practices from the handbook and the ways election officials across the nation are implementing cybersecurity measures.
Garcia, primary author of the Handbook for Elections Infrastructure Security, explained the structure of the handbook for the audience, including the 88 best practices included. “88 sounds like a large number,” he said. “We believe most election jurisdictions are already doing some of these best practices. A lot of these things are just good IT management things.”
Secretary Lawson added, “This handbook provides a great tool for states to see how we’re doing. Every state is different, and cybersecurity has always been a priority.”
Cohen echoed Lawson’s statement by saying, “Security has always been part of the election official job description. It’s good to say we have room for improvement, but we are taking concrete steps to improve.”
“All states across the board are working really hard on cybersecurity,” Cohen said. “This is an evolving area for election officials and there’s always things to learn.”