Election Security: Protecting the Election Supply Chain

Election Security: Protecting the Election Supply Chain
January 20, 2023
Election Security: Protecting the Election Supply Chain

Comprehensive risk analysis plays an integral part in securing our election supply chains. The following are some key considerations for election system providers as recommended by the Cybersecurity & Infrastructure Security Agency. 

Supply Chain Risk Mitigation Tips

According to the Cybersecurity & Infrastructure Security Agency (CISA) there are four categories that are considered when protecting the election supply chain. Those categories are hardware, software, services, and paper supply. It’s critical that we mitigate risks in each of these categories to protect the integrity of our elections.

 

Hardware

A complex, globally connected supply chain connects many hardware components of election systems. Hardware supply chain risk management is essential for protecting these critical infrastructure hardware components. Here are three tips CISA recommends to protect election infrastructure hardware.

 

Man in server room connecting cables to ports

 

  1. From raw material sourcing to delivery, it's vital to identify every step in the hardware supply chain.
  2. Limit counterfeiting, data theft, sabotage, and hardware vulnerabilities from tampering through the use of computer port seals and other hardware security devices.
  3. The hardware components should be physically examined to ensure all authentic and verifiable documentation (including serial numbers, unique product IDs, etc.) produced during manufacturing are present.

 

Recommendations from CISA

A supply chain risk management plan should be established by election jurisdictions and election providers. As part of their recommendations, CISA and Sector Coordinating Councils (SCCs) endorse using hardware security devices like computer port seals, tamper evident labels, and other devices to strengthen election infrastructure security.

 

Software

Electoral technology providers, election jurisdictions, and service providers can be manipulated by parties wishing to attack the election ecosystem. Here are three tips CISA recommends to protect election infrastructure software.

 

Graphic representing global cybersecurity

 

  1. Implement a security control framework (industry or customized) to define software products offering security features.
  2. For development environments, implement security controls and patch management plans to prevent unauthorized access and tampering.
  3. You should confirm that third-party software (including free/open-source software) complies with certain requirements.

 

Recommendations from CISA

In order to detect and prevent software vulnerabilities at all stages of development and use, election jurisdictions should follow CISA and SCC recommendations.

 

Services

An election organization is likely to have a wide range of service providers, from consultants to custodians. Examine these providers. Here are three tips CISA recommends to protect election infrastructure services.

 

Custodial person walking through airport terminal

 

  1. Your offices, server rooms, or other places where sensitive information is stored may be accessible unsupervised to some service providers. Regularly check and audit employee access to determine contractual obligations and to adjust access if necessary.
  2. Build and test business continuity plans with key service providers to ensure background checks are conducted and sensitive information is backed up.
  3. Set up processes for service providers for ample accountability. Consider systems like serialized locks and access point restriction to mitigate security risk. An example would be to use serialized cable seals to lock sensitive information and equipment with a serial log to track access.

 

Recommendations from CISA

Consider your organization's service providers more broadly. Identify all facilities and networks that they have access to. Providers and their personnel should be carefully vetted, and those that are unnecessary should be removed.

Paper Supplies

Election-related paper supplies are associated with diverse and interconnected supply chains. Therefore, identifying, assessing, preventing, and mitigating their risks is highly imperative. Here are three tips CISA recommends to protect election infrastructure paper supplies.

 

Stacks of paper on a table

 

  1. Demand for paper products is at an all-time high for paper mills. There is typically a long lead time for orders. Make your order from a verified supplier as early as possible to ensure you have enough time for the paper to be inspected.
  2. Additionally, consider that several other election-related raw materials, including envelope paper, inserts for mail packets, stickers, toner for on-demand printers, and others, are also under supply chain stress.
  3. Consider what authenticity tools you’ll use for your paper documents. These tools can range from tamper evident tape, security labels, and hologram labels to secure paper supplies like mail packets, envelopes, and other secure documents.

 

Recommendations from CISA

Plan ahead and place your order early. As a result of unpredictable and delayed delivery times, ballot paper, envelopes, and election materials supply chains are experiencing their longest lead times in decades.

As we move forward, we want to continue to execute best practices for election infrastructure.

 

 

NovaVision offers a wide variety of high quality, tamper-evident security products. We can provide you with a custom solution that meets your needs. Visit novavisioninc.com  or call (800) 336-6636 to learn more about our products and speak to one of our security experts.

Related posts