Forty members of the National Assocation of Secretaries of State (NASS) serve as their state's designated chief election official, overseeing the conduct of elections according to law. Ensuring the integrity of the voting process is central to this role, which includes cyber preparedness and contingency planning, as well as administrative and technical support for local election officials.
NASS Election Cybersecurity Task Force Members
Built-In Safeguards to Our Democracy
As federal officials repeatedly emphasized during the November 2016 presidential election cycle, state and local autonomy over elections is our greatest asset against malicious attacks and systemic fraud. The structural integrity of our electoral process contains some built-in safeguards:
- HIGHLY-DECENTRALIZED: There is no way to disrupt the voting process in any large-scale, meaningful way through cyberattacks because there is NO NATIONAL SYSTEM to target.
- LOW-CONNECTIVITY: State and local election systems do not rely on a great deal of Internet connectivity for their function. For example, voting machines - where actual votes are cast - are not networked and are not connected to the Internet.
- CHECKS AND BALANCES: The process is highly-localized and designed to foster transparency and participation from from end to end.
DHS Critical Infrastructure Designation for Elections
On January 6, 2017, U.S. Homeland Security Secretary Jeh Johnson established a new role for the federal government by designating election infrastracture as critical infrastructure, which DHS interprets to include, "storage facilities, polling places, and centralized vote tabulations locations used to support the election process, and information and communications technology to include voter registration databases, voting machines, and other systems to manage the election process and report and display results on behalf of state and local governments." DHS Overview of Critical Infrastructure
STATES OPPOSE DESIGNATION - While NASS members recognize the need to share information on threats and risk mitigation in our elections at all levels of government, Secretaries of State oppose the critical infrastructure designation and call on the Trump Administration to rescind the classification:
NASS Resolution Opposing the Designation of Elections as Critical Infrastructure
Related: U.S. Election Assistance Critical Infrastructure Information | NASS Statement on Critical Infrastructure Designation for Elections (Posted: 01/09/17) | Congressional Leadership Letter (Posted: 09/28/16)
- STATE RESPONSES - Individual member responses to the DHS classification of election infrastructure as critical infrastructure:
MINNESOTA: Statement from Secretary Simon in Support of Critical Infrastructure Designation
LOUISIANA: Secretary Schedler Seeks Assistance from President-elect Trump
VERMONT: Condos - Our Elections Systems as 'Critical Infrastructure'
Comments from NEW HAMPSHIRE Secretary Gardner and ALABAMA Secretary Merrill
COLORADO: Secretary Williams Takes Issue with Election System Designation
CURRENT FEDERAL LEGISLATION
S. 515 State Cyber Resiliency Act (H.R. 1344)
Seeks to provide Federal Emergency Management Agency-administered grants for state and local cybersecurity planning and implentation/encourages addressing critical infrastructure systems in such efforts.
S. 412 State and Local Cyber Protection Act of 2017
Seeks to amend the Homeland Security Act of 2002 to require state and local coordination on cybersecurity with the Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC). Introduced
H.R. 584 Cyber Preparedness Act of 2017
Introduced to facilitate implementation of the National Cyber Incident Response Plan and designation of the election system as critical infrastructure.
- S. 133 Intelligence Authorization Act for Fiscal Year 2017
See Sect. 312, which directs the intelligence community to work on improving “detection, prevention, and mitigation of espionage and cyber attacks by foreign actors against or concerning critical infrastructure.”
- S. 515 State Cyber Resiliency Act (H.R. 1344)
Related Federal Alerts/Announcements
Statement by U.S. Election Assistance Commissioner Christy McCormick on DHS Critical Infrastructure Designation
- Statement by Secretary Johnson on the Designation of Election Infrastructure as a Critical Infrastructure Subsector
White House Fact Sheet: Actions in Response to Russian Malicious Cyber Activity and Harassment
Joint DHS, ODNI, FBI Statement on Russian Malicious Cyber Activity
Update by Secretary Johnson on DHS Election Cybersecurity Services
- Joint Statement from the Department of Homeland Security and the Office of the Director of National Intelligence on Election Security
- Statement by Sec. Johnson About Election Systems' Cybersecurity
- Statement by Sec. Johnson Concerning the Cybersecurity of the Nation's Election Systems
- EAC Participates on Election Security Call
- Readout of Sec. Johnson's Call with State Election Officials on Cybersecurity
- EAC Statement on Election Preparedness
Have some materials to share? Contact: [email protected].
NASS Statement on Critical Infrastructure Designation for Elections
NASS Appoints Secretaries of State to Federal Election Infrastructure Cybersecurity Working Group
NASS Statement on Cyber Security and Election Readiness
State Laws & Practices for the Emergency Management of Elections
(Posted: Feb 2014)
More Cybersecurity Resources
National Governors Association Memo on State Cybersecurity Response Plans (Dec 2016)
National Governors Association Memo on Election Cybersecurity (Nov 2016)
U.S. Dept. of Homeland Security (DHS): Security Tip (ST16-001) Securing Voter Registration Data
U.S. Dept. of Homeland Security (DHS): Best Practices for Continuity of Operations (Handling Destructive Malware)
U.S. Dept. of Homeland Security (DHS): Protect Your Data Against Ransomware
National Conference of State Legislatures (NCSL): Electronic Transmission of Ballots