The Cybersecurity and Infrastructure Security Agency (CISA) released a new guide on July 5 that aims to enhance the security of election infrastructure by providing a thorough overview of operational security (OPSEC) for election officials.
CISA’s “Guide to Operational Security for Election Officials” emphases the importance of viewing data from an adversary’s perspective to holistically assess and mitigate potential threats.
“CISA provides various training programs for election workers, including secure practices, incident response planning, and de-escalation techniques.” said CISA Special Advisor to the Director for Election Security Cait Conley. “This guide is another excellent resource CISA provides the public with to keep our elections safe and secure.”
OPSEC is a systematic approach to identifying and protecting sensitive information, data, or capabilities within an organization, CISA explained.
“Without robust safeguards, sensitive information can be inadvertently or deliberately exposed and exploited by threat actors, potentially impacting the ability of election workers to fulfill their duties, exposing voters’ personally identifiable information (PII) and enabling unauthorized access to internal systems and facilities,” the agency said. “By incorporating OPSEC principles into daily election operations and fostering a culture of security awareness, election workers can significantly reduce the risk of unauthorized disclosures while maintaining a transparent elections process and responding to public inquiries.”
The six-page guide provides real-world examples and mitigation activities to strengthen OPSEC amongst election officials.
CISA’s guide highlights how adversaries can aggregate sensitive pieces of information through a variety of activities, including social engineering.
The guide also offers recommendations for how election officials can apply OPSEC countermeasures to all election security risk areas, including people, operations, cybersecurity, and physical security.
As the 2024 election cycle gears into full swing, CISA has launched a resource page – #Protect 2024 – to help election officials protect against the cyber, physical, and operational security risks to election infrastructure.
Most recently, CISA provided election officials with a framework and practical tools for developing and implementing a year-round communications plan for election security.