MEDINA – A $50,000 grant from the Ohio Secretary of State’s Office should enhance security measures employed by the Medina County Board of Elections.
The one-time grants have been offered to election boards around the state to help implement high priority items identified by state officials concerned with cybersecurity issues.
Board of Elections Director Carol Lawler said cybersecurity has been a high priority for Ohio Secretary of State Frank LaRose, who was elected in 2018.
“We’ve always taken security seriously but Secretary of State LaRose has made it a big priority,” Lawler said.
“Security has been in our wheelhouse for the last couple of years,” said Pam Miller, president of the Board of Elections. “We’ve had an outside consultant and Homeland Security come in to take a look at things and we’ve taken steps to make sure we have a really safe system.”
Election security has drawn more attention around the country since claims of Russian interference in the 2016 presidential election. Since then, much has been said about preventing more intrusions in the next presidential election. Attempts to avoid interference in the 2020 election have included new, safer voting machines in Medina County and many other places around the country.
Election officials have also been taking other security measures behind the scenes. Some of those are illustrated in a directive LaRose issued to all county boards of election in June.
The Directive instructs county boards of elections on continuing action and outlines additional requirements that each board must take to enhance its overall election security and protect its information technology systems. The directive also explains the grant funding available to counties to enhance their infrastructure.
New security measures require the Board of Elections to utilize these services provided by the Department of Homeland Securities Election Infrastructure Information Sharing and Analysis Center:
• Phishing Campaign Assessment, a six-week evaluation of an organization’s susceptibility and reaction to phishing emails of varying complexity that must be performed once a year;
• Vulnerability scanning of Internet accessible systems on a continual basis;
• Risk and vulnerability assessment of network security based on national threat vulnerability information;
• Remote penetration testing to identify vulnerabilities in externally accessible systems;
• Validated architectural design review of the communications and relationships between devices to identify communication flows.
• Cyber threat hunt on site at the board of elections to determine if a network compromise has occurred.
The Board of Elections has also been required to create an Election Infrastructure Security Assessment for the Center of Internet Security. That report was sent to LaRose’s office which created a list of “high priority” items the board needs to address. Those items are confidential but will hopefully be mitigated with the help of the $50,000 grant.
In addition, the Board of Elections must have representatives take part in online exercises conducted by Homeland Security and provide staff members with annual training on cybersecurity.
The Board of Election must also adopt a domain name ending in “.gov” or “.us” and employ the Domain-Based Message Authentication, Reporting and Conformance service to identify whether an email is from a legitimate source.
The Secretary of State has also provided boards of election with new computers containing the latest security software to use on the dedicated state fiber network.