State Elections Infrastructure To Expand
An initiative involving the state Board of Elections is designed to further secure New York state’s elections infrastructure and protect against foreign interference.
The initiative will help county Boards of Elections strengthen their election cyber security in the face of foreign threats after the Department of Justice released an indictment of 12 Russian intelligence officers accused of hacking during the 2016 elections, which also alleged that Russian intelligence officers hacked into the website of a yet-unidentified state board of elections.
In the 2019 state budget, Gov. Andrew Cuomo included $5 million to expand and further support statewide election cyber security infrastructure. The state will solicit contracts for three independent services for county Boards of Elections, including: cyber security risk assessments; enhanced intrusion detection devices; and managed security services. The state’s Secure Election Center, managed by the state Board of Elections, will also provide statewide, uniform cyber security training to all state and county election officials and staff prior to the mid-term Congressional elections.
“While President Trump stands by those who seek to undermine our democracy, New York is taking aggressive action to protect our elections from foreign interference,” Cuomo said. “There is nothing more sacred than democracy, and New Yorkers should know that when they cast their ballot that their vote is safe. The groundbreaking cyber security initiative we launch today will harden and protect our election infrastructure from the very real threat of foreign meddling. While the President has abdicated his responsibility to defend this country and left our electoral system open to sabotage by foreign adversaries, New York is fighting back and leading the way.”
The state Board of Elections will contract for professional services to conduct a comprehensive, uniform and verified risk assessment at every county Board of Elections. The state Board of Elections has conducted a county Board of Elections risk survey to gain an understanding of the security posture of each county board. The risk assessment will build off the county risk survey. The state contract will provide a uniform and verified third party risk assessment which is critical in ascertaining a security baseline for our statewide elections infrastructure.
Additionally, the state Board of Elections will contract for a vendor to provide enhanced intrusion detection systems and managed security services for all the county Boards of Elections. An intrusion detection system is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. Managed Security Services correlate logs/traffic and creates actionable reports on malicious cyber activity. Quote solicitations will seek to identify qualified companies on backdrop contracts that can fulfill the request for these services.
The Secure Elections Center, housed in the state Board of Elections, will provide uniform online technical training courses and security awareness programs to all state and county election officials and staff. The web-based trainings will be provided prior to the 2018 federal elections. As part of the trainings, officials and staff will learn cyber-hygiene, best email practices and how to identify phishing campaigns, among other topics.