The National Institute of Standards and Technology (NIST) has published a draft of its Cybersecurity Framework Election Infrastructure Profile to help local election officials prepare for and respond to cyber threats. The guide covers all phases of the election process – from suggested actions on election day to long-term concerns, such as the maintenance of election and voter registration systems.
According to an NIST press release:
“Written in everyday language, the Draft Cybersecurity Framework Election Infrastructure Profile (NISTIR 8310) draws upon the experience of election stakeholders and cybersecurity experts from across the country, offering an approach for securing all elements of election technology.”
The draft breaks down elections into three areas of risk:
- Pre-election activities -including managing voters, processing candidates and contests, preparing voting materials, and preparing voting machines and processing early voting;
- Election day activities – such as the opening and closing of polling places, the security of the machines, and the collection of absentee ballots; and,
- Post-election actions – such as publishing unofficial accounts and preparing to certify the election.”
One of the authors of the draft stated that this is the first time NIST has combined election security and cybersecurity in one of its playbooks. In creating the guide, the authors worked with state election officials, the Election Assistance Commission (EAC), the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA), the DHS Election Infrastructure CSF Joint Working Group, and technology developers – including voting system manufacturers.
NIST is asking for public comments and input, which can be emailed to NISTIR-8310-comments@nist.gov.