On the heels of the 2018 midterm elections and two years away from the 2020 presidential vote, VMware State & Local Government subject matter experts, Gary Christofferson and Herb Thompson, offer advice and best practices for securing elections systems and strengthening government IT security posture. This is part 2 in a 2-part series on U.S. voting infrastructure vulnerabilities and solutions. For an overview of the core cyber hygiene principles all government agencies should have in place today, check out Part 1.
Securing Election Systems Part 2: Implementing a Zero-Trust Security Model Before, During, and After Election Season
By: Herb Thompson, Industry Security Strategist, SLED, VMware
Implementing a security strategy to protect cross-jurisdictional elections is a critical initiative for state and local election officials. Given the decentralized nature of election responsibility, split between state-wide voter management and local election administration, traditional security approaches do not address a comprehensive security strategy to protect citizen data.
Research from the Ponemon Institute in 2017 found that 77% of successful cyber security attacks utilized the latest advanced techniques to infiltrate and spread laterally from computer from computer. These new attacks render old “protect the data center perimeter” security methods useless. Security experts now recommend implementing a next-gen Zero-Trust Security Model (a “Trust No One/Verify Everything” approach) to address nation-state attacks. Implementing a Zero-Trust security model coupled with good cyber hygiene posture provides election officials with the necessary security to address current and future risks.
VMware has partnered with many states to provide a reliable and secure infrastructure platform for their state-wide voter registration systems. With a broad portfolio of technology solutions inclusive of advanced security, VMware embraces the “trust no one/verify everything” principle by implementing behavior analysis technologies that enable IT to fully understand “good” system activity in order to detect the bad. VMware’s end-to-end, risk-based security strategy is positioned to assist election officials in securing the entire catalog of elections management activities, not just those that occur on election day. Detecting compromised local workstations, stolen credentials, exposed networks, and abnormal behavior must be mitigated year-round.
VMware enforces a Zero-Trust security model through the following capabilities:
- Logical segmentation of election systems from other systems to prevent lateral attacks inside the network
- Multi-factor authentication and policy-based access controls to ensure officials know who is on the network
- Unified endpoint management across devices
- Next-generation behavior analysis that automatically detects and stops bad actors without human intervention
- Automated lifecycle management and patching to consistently protect against new vulnerabilities
VMware’s comprehensive security model enforces end-to-end Zero-Trust requirements to help election officials and government IT address all cyber security threats for apps and data, wherever they reside— from the data center to the cloud and the edge. To learn more, click here.
Herb Thompson is responsible for enabling state, local, and education government organizations to achieve strategic outcomes through the application of new technologies. Prior to joining VMware, Herb served as the State of Wisconsin Deputy State CIO and CTO for six years. As deputy, Herb provided leadership over the state’s enterprise security, architecture, network, data centers, mainframe operations, platform services, PMO, application development, and publishing. While serving as deputy, Herb achieved a number of successes, including consolidating infrastructure and platform services, saving the state over $27 million, and moving the state forward with the implementation of enterprise governance, VOIP, O365, document management, integrated broadband, identity management, hybrid cloud, and an enterprise integrated security roadmap.
Prior to the Deputy role, Herb served as state agency CIO for Health and Family Service, Corrections, and Administration. Serving as CIO in a number of agencies as well as central IT has provided Herb with in-depth knowledge of agency program business as well as the running of a large central IT service organization. Having achieved Six Sigma Green Belt, CISSO, and PMP certifications, the combination of business and technology backgrounds has positioned Herb to design and implement innovative solutions which achieve agency program efficiency and cost objectives.