The National Institute of Standards and Technology (NIST) has released draft guidance to help local election officials reduce the risk of cyberattacks on election systems, and is seeking public comment on the draft.
The Draft Cybersecurity Framework Election Infrastructure Profile contains guidelines that will draw upon “the experience of election stakeholders and cybersecurity experts from across the country, offering an approach for securing all elements of election technology.”
“This is the first time we have looked at the entire election infrastructure and put together a cybersecurity playbook,” said NIST’s Gema Howell, one of the publication’s authors in a news release. “We start by helping you think about the election objectives you want to accomplish. Then we help you think through how to prioritize your cybersecurity needs based on those objectives. Once you’re there, we provide informative resources to mitigate your cybersecurity risks,” she added.
The draft guide applies the principles of the NIST Cybersecurity Framework to election systems and is geared toward both physical locations like polling places, and technology involved in voter registration databases, voting machines, and the networks that connect them.
“There are several thousand voting jurisdictions in the United States,” said NIST. “While state and Federal governments play roles in elections, such as providing training courses on running the state’s elections and providing a process for testing and certifying voting equipment, most of the nitty-gritty work of running an election happens at the city or county level, with individual polling places staffed largely by volunteers.”
Comments on the draft will be accepted through May 14, 2021.