October is National Cybersecurity Awareness Month. The United States is bracing for another presidential contest in 2024 that will see the use of technology in elections coming under intense scrutiny once again.
I have a couple of colleagues who regularly use building safety analogies to describe cybersecurity.
The first says that, like a fire marshal couldn’t promise with certainty that a building would never catch fire, cybersecurity protectors can’t (or shouldn’t) promise unconditionally that a network would never be breached. A building’s infrastructure can be built out of sound materials, using the best industry standards and practices, so that the building stands the best chance to prevent, or at least minimize the damage from, a destructive fire. The same can be said for a network or system when protecting against cyberattacks. Just as buildings have security cameras, fire alarms, smoke detectors, and sprinklers, networks have firewalls, intrusion detection systems, and data encryption.
The second analogy says that only a building that is properly inspected, maintained, and improved where needed, stands the best chance of surviving a destructive event; weather, war, or even time itself. It is also true that only a computer system that is reviewed, patched, and updated regularly can be expected to withstand cyber threats that are always changing and growing in complexity. Just as fire drills and evacuations are used to test the response to disasters, incident response plans are used to test the response to a cyberattack. Just as children, educators, and law enforcement use drills to evaluate the security of a school building and those within, network defenders use things like penetration testing exercises in hopes of finding potential vulnerabilities in systems before they are exposed under dire circumstances.
Perhaps the most important comparison between the two is that when emergency communications and response systems around these types of events fail, the impact of the event is made much worse. Time may heal all wounds, but it is an enemy to the process of limiting destruction.
The rule of protection, whether in defense of a building and its occupants or a network and its systems of information, is that no single measure is enough to protect against all threats. It requires a layered approach; “defense in depth”, as it is commonly known. Perhaps there is no ecosystem where that approach is more appropriate than election administration, a landscape for which we at the Secretary of State’s Office are responsible for helping to protect.
We take that responsibility very seriously, and, thankfully, we do not bear it alone. Our successes and continued aims are dependent on our partnerships with others: West Virginia’s County Clerks, the WV Fusion Center, the WV Office of Technology, the WV National Guard, Election Systems & Software (ES&S), the Federal Bureau of Investigations, the Department of Homeland Security, the Cybersecurity & Infrastructure Security Agency, the Elections Infrastructure Information Sharing and Analysis Center, and the Center for Internet Security.
Each entity lends its own unique set of tools and perspective to the layered defense of the democratic process we hold sacred. Even voters can play a role in protecting West Virginia elections through the “See Something, Text Something” program. To report suspicious election activity, text “WV” to 45995 and follow the instructions.
Technology is unsettling because, like anything else, it can be good or bad. However, if West Virginia’s election technology is likened to a building, then voters can have confidence that it is inspected, protected, and safe to step inside. Dave Tackett is a lifelong West Virginian in his 30th year of working in Information Technology. Tackett has spent the last 18 years at the WV Secretary of State’s Office and was named Chief Information Officer in 2017 by Secretary of State Mac Warner. He is a graduate of WV Wesleyan College.
Dave Tackett is a lifelong West Virginian in his 30th year of working in Information Technology. Tackett has spent the last 18 years at the WV Secretary of State’s Office and was named Chief Information Officer in 2017 by Secretary of State Mac Warner. He is a graduate of WV Wesleyan College.