"Election security is the top priority of the Florida Department of State and all 67 Supervisors of Elections that we have across the state," said the Florida Secretary of State, Laurel M. Lee, during a Keynote presented at the Florida Cybersecurity Forum in Orlando on November 20th, 2019. Hosted by the Foundation of Associated Industries of Florida (FAIF), the forum's inaugural edition featured an impressive array of speakers and panelists from both the private and public arenas.
Comprehensive Review of Election Security
With the upcoming 2020 elections looming in the not so distant future, and with Florida's checkered election history, Secretary Lee stressed the importance that the government, at both the State and County levels, are placing on election security. She noted that when, on May 22nd, 2019, Governor DeSantis directed her to conduct a comprehensive review of election security in the election's infrastructure statewide, it "really required all of us to think about election security in an entirely new way."
After receiving buy-in from all 67 Supervisors, the Florida Department of State has now conducted an election-specific security assessment statewide, identifying all of the weaknesses across the State. "I'm happy to report that we are now in the phase of the initiative where we're working with Supervisors of Elections to address or mitigate any of the vulnerabilities that were identified as part of that risk assessment," she added.
Establishment of Cybersecurity Bureau
"I'm also thrilled to report that Governor DeSantis has included in his proposed budget recommendations for this year, among other things related to election security, the establishment of his Cybersecurity Bureau at the Department of State, which would include ten dedicated positions," boasted the secretary. "Incidentally, I know many of you work in this industry and are our experts, so keep an eye out for that," she urged the crowd, which, expectedly, consisted of a large number of Cybersecurity & IT professionals.
Primary Concerns
Among other fears regarding Cybersecurity and the election, Secretary Lee spoke of two prime targets for hackers: voting machines and the government's public-facing websites.
Voting Machines
Regarding the touchscreen voting machines that were one of the latest trends a decade ago, the secretary noted that Florida Law requires marked paper ballots. The one exception is for individuals who need the accessibility that a touchscreen provides. To assuage the crowd that this could pose a potentially significant threat, she added that in the 2018 election, only 83 of the more than 8 million ballots were cast through this electronic method. She proudly added that "by January 1st, 2020, all of the supervisors will have completed voting equipment and modernization by either updating their voting system or updating the software and hardware or purchasing new voting equipment." Additional safeguards include pre-election testing and post-election audits.
Public Websites & Public Confidence
"You know, Americans like to have everything right away, and we've grown very accustomed to unofficial election night results coming out. As soon as the polls close, those start coming in, and the public expects to see those on their local elections side. They expect to see them on the Department of State's website. But being public-facing websites, they are far more vulnerable to being attacked or defaced. And while this does not pose the threat of actually affecting or changing the election outcome, it poses a critical threat to public confidence in election outcomes. For example, we have a Presidential Election coming up. If our Department of State's website is attacked and defaced and reflects the wrong person won, and I have to go out the next morning and face the Associated Press and explain that, "No, actually it was the other guy who won the election," the public confidence in our outcome is you irreparably undermined." Regarding the threat of a defaced website, Secretary Lee added, "I will tell you if it comes down to it, I'm takin' it down."
Security Awareness Training
Cybersecurity training for state employees has also been a top priority. "We have conducted Cybersecurity training, and we have the mandatory training for every employee of the Department of State centered on Cybersecurity and physical security related to our buildings. And we've also done a number of trainings throughout the State for supervisors and their staff."
Constant, Evolving Threats = No Finish Line
"Now I will say," concluded the secretary, "despite everything that I just shared with you about progress and safeguards, we also recognize that the threats to our election security are constant and evolving and that we must remain ever vigilant in our efforts to keep the State secure every single day. Domestic and foreign actors attempt to penetrate our networks in an attempt to do us harm. And even though we've made extraordinary progress since 2018, we certainly recognize that there will be no finish line for us when it comes to election security."
When it comes to security (election or otherwise), there certainly is no finish line. Cybercriminals are always searching for vulnerabilities and developing new methods of attacking organizations, large and small, public and private.
Knowing full well the battle ahead, Secretary Lee assured the crowd that, through their comprehensive and unified statewide approach to election infrastructure, "we are working very hard to get this right." Come this time next year, we'll know if all that hard work paid off.
Roy Richardson
Managing Partner & Co-Founder
Roy Richardson is a co-founder, Managing Partner, and CTO of Aurora InfoTech LLC, a leading Cybersecurity & IT consulting firm in Orlando, Florida. He is also a co-author of the Amazon Bestselling book, "Hack Proof Your Business", a Cybersecurity guide for business owners & executive leadership.
Roy has 20+ years of executive management & engineering experience in the Cybersecurity, Information Technology, and Telecommunication industries. The vast experience he gained over the course of his career has given him a unique perspective that allows him to relate to a broad spectrum of business & technology challenges.
How Secure is Your Business?
Cybersecurity is one of the most critical issues in today’s business environment. All businesses today run entirely on technology. For a business owner, what would happen if every piece of technology that runs your business was suddenly compromised or hacked?
Our CTO, Roy Richardson, co-authored “Hack Proof Your Business,” with a group of other high-level IT & Cybersecurity experts from around the nation to provide you with an outline of what to do to protect your business and livelihood from Cybersecurity threats. The Amazon Bestselling book is a must-read Cybersecurity guide for business owners and executive leadership.
No business is too small to avoid getting hacked; it is simply a matter of time. Learn what to do NOW so you can avoid loss of revenue in future.