Forty members of the National Assocation of Secretaries of State (NASS) serve as their state's designated chief election official, overseeing the conduct of elections according to law. The security and integrity of the voting process is central to this role, which includes routine cyber preparedness and contingency planning for election systems. Providing administrative and technical support for local election officials is also an important part of this work.
NASS is collaborating with a diverse array of state, federal and private sector stakeholders to encourage information-sharing and sound policymaking to assist states with these efforts.
Built-In Safeguards to Our Democracy
As federal officials repeatedly emphasized during the November 2016 presidential election cycle, state and local autonomy over elections is our greatest asset against malicious attacks and systemic fraud. The structural integrity of our electoral process contains some built-in safeguards:
- HIGHLY-DECENTRALIZED: There is no way to disrupt the voting process in any large-scale, meaningful way through cyberattacks because there is NO NATIONAL SYSTEM to target.
- LOW-CONNECTIVITY: State and local election systems do not rely on a great deal of Internet connectivity for their function. For example, voting machines - where actual votes are cast - are not networked and are not connected to the Internet. COMING SOON: FAQ on Election Cybersecurity
- CHECKS AND BALANCES: The process is highly-localized and designed to foster transparency and participation from from end to end.
DHS Critical Infrastructure Designation for Elections
On January 6, 2017, U.S. Homeland Security Secretary Jeh Johnson established a new role for the federal government by designating election infrastracture as critical infrastructure, which DHS interprets to include, "storage facilities, polling places, and centralized vote tabulations locations used to support the election process, and information and communications technology to include voter registration databases, voting machines, and other systems to manage the election process and report and display results on behalf of state and local governments." DHS Overview of Critical Infrastructure
UNANSWERED QUESTIONS - While NASS members recognize the need to share information on threats and risk mitigation in our elections at all levels of government, Secretaries of State have many questions about the parameters of the designation and how it will actually impact state and local election officials.
Related Resources: U.S. Election Assistance Critical Infrastructure Information | NASS Statement on Critical Infrastructure Designation for Elections (Posted: 01/09/17) | Congressional Leadership Letter (Posted: 09/28/16)
- STATE RESPONSES - Individual member responses to the DHS classification of election infrastructure as critical infrastructure:
MINNESOTA: Statement from Secretary Simon in Support of Critical Infrastructure Designation
OREGON: Letter from Secretary Richardson to President Trump Calling for Rescinding of Critical Infrastructure Designation
- LOUISIANA: Secretary Schedler Seeks Assistance from President-elect Trump
- VERMONT: Condos - Our Elections Systems as 'Critical Infrastructure'
- OHIO: Secretary of State Questions What Feds' Labeling of Election Systems as Critical Infrastructure Could Mean
- Comments from NEW HAMPSHIRE Secretary Gardner and ALABAMA Secretary Merrill
- MISSISSIPPI: Secretary Hosemann's Statement on Designation of State Election Systems as 'Critical Infrastructure'
- COLORADO: Secretary Williams Takes Issue with Election System Designation
- CALIFORNIA: Secretary Padilla Statement on Critical Infrastructure Designation for Elections
- GEORGIA: Statement by Secretary of State Brian Kemp on Critical Infrastructure Designation for Elections
IDAHO: Secretary Denney Statement on DHS Critical Infrasture Designation
- MINNESOTA: Statement from Secretary Simon in Support of Critical Infrastructure Designation
RELATED - CURRENT FEDERAL LEGISLATION
H.R. 584 Cyber Preparedness Act of 2017
Introduced to facilitate implementation of the National Cyber Incident Response Plan and designation of the election system as critical infrastructure
- S. 133 Intelligence Authorization Act for Fiscal Year 2017
See Sect. 312, which directs the intelligence community to work on improving “detection, prevention, and mitigation of espionage and cyber attacks by foreign actors against or concerning critical infrastructure.”
- H.R. 584 Cyber Preparedness Act of 2017
Related Federal Alerts/Announcements
Statement by U.S. Election Assistance Commissioner Christy McCormick on DHS Critical Infrastructure Designation
Statement by Secretary Johnson on the Designation of Election Infrastructure as a Critical Infrastructure Subsector
White House Fact Sheet: Actions in Response to Russian Malicious Cyber Activity and Harassment
Joint DHS, ODNI, FBI Statement on Russian Malicious Cyber Activity
Update by Secretary Johnson on DHS Election Cybersecurity Services
- Joint Statement from the Department of Homeland Security and the Office of the Director of National Intelligence on Election Security
- Statement by Sec. Johnson About Election Systems' Cybersecurity
- Statement by Sec. Johnson Concerning the Cybersecurity of the Nation's Election Systems
- EAC Participates on Election Security Call
Readout of Sec. Johnson's Call with State Election Officials on Cybersecurity
- EAC Statement on Election Preparedness
Have some materials to share? Contact: [email protected].
NASS Statement on Critical Infrastructure Designation for Elections
NASS Appoints Secretaries of State to Federal Election Infrastructure Cybersecurity Working Group
NASS Statement on Cyber Security and Election Readiness
More Cybersecurity Resources
National Governors Association Memo on State Cybersecurity Response Plans (Dec 2016)
National Governors Association Memo on Election Cybersecurity (Nov 2016)
U.S. Election Assistance Commission: Election Security Preparedness Resources |
Blog - The Reality of Election Security
U.S. Dept. of Homeland Security (DHS): Security Tip (ST16-001) Securing Voter Registration Data
U.S. Dept. of Homeland Security (DHS): Best Practices for Continuity of Operations (Handling Destructive Malware)
U.S. Dept. of Homeland Security (DHS): Ransomware: What It Is and What To Do About It
National Conference of State Legislatures (NCSL): Electronic Transmission of Ballots