Working with Government to Help Secure Our Elections

You don’t have to be a news junkie to notice one of the bigger stories the media is focusing on these days. Whether it’s local, state or national races, election security has become a serious issue. And it’s easy to understand why. If you think about the psychological impact of any data breach, there’s a sense of theft, of a violation of privacy. When you apply that to a free election -- the very bedrock of our democracy – it can be much worse, in a way. There is a real threat to take away your voice and ability to participate in a democracy.

Even if it’s not a security issue per se, if there is any inkling of interference, it can immediately taint the election. All it takes is a seed of doubt that a nation state or domestic meddler is interfering in an election for people to begin questioning the legitimacy of our country and democratic system. The entire process is undermined. If we get to a point where we don’t believe the election results shown to us, then ultimately, we’ve failed.

What Should be Done

Fortunately, we are not there yet. But it is important that steps be taken to ensure that never happens. At the state level in particular, there must be a more serious approach to securing the applications that run these elections. In any modern election system, there are two main applications: the actual app you use to vote and the app for the voter database/registration. Both are equally important to safe, free elections. But most government agencies don’t have the tools to fully ensure their security.

It all comes down to public trust, and anything that can be done to increase that trust is essential. We have to make sure apps are secure, and that the physical security of where those apps live is secure. It’s similar to the chain of custody within the data world, from the point when someone presses the vote button all the way up to state level. And that comes down to implementing a strong security policy.

Many people likely wonder, why isn’t more being done? It’s not for lack of money. Quite a bit of funding was granted from Homeland Security following the 2016 elections.

A bigger issue is that states simply lack the technology and cybersecurity expertise. Even in the private sector, the skills gap is a well-publicized problem. Keeping and finding talent is one of the bigger challenges facing our industry. But states don’t have the luxury of offering high salaries and lots of perks to lure talent to their doorstep. It’s a tough sell for a state government agency competing against the Googles of the world for top talent. It’s not just a skills problem, it’s a people problem.

Working with Government on Election Security

Obviously, there is an opportunity here for private industry to help address this important issue. But that is easier said than done.

As any sales organization with government contracts will attest, working with the government, at any level, can be challenging. One of the things that makes it so difficult are the requirements that governments have when it comes to procuring software services. This is a real detriment to public sector agencies, as they are so limited in their choices. If you’re only able to choose between two or maybe three software vendors, are you really going to be able to get the best and brightest? Likely not. That’s true of any government project, but state agencies have very strict standards to meet for voting requirements, making it even more of a challenge.

If you do decide it’s in your best interest to work with a government agency on an election security issue, there’s a few things to keep in mind. Number one is to take advantage of the budget that’s available – as strict as it may seem, there may be additional funds available. In my experience, even multi-million-dollar investments. So be sure to educate yourself on the funding that is available and do what it takes to leverage it.

Also, you’ll likely want to partner with other organizations. Chances are, you don’t have the necessary resources in place and teams in place to implement and deploy these tools. But there are other vendors that likely do. As with most public sector projects, it’s going to take a team effort to tackle the job. Ideally, you’ll want to partner with someone who has plenty of experience deploying in the government sector. You’ll also want to operate in a secure environment, with credentialed U.S. citizens or U.S. naturals who will be dealing with data, so you are not opening yourself up to risk.

An Appeal

One final thought, or perhaps an appeal: if you value the legitimacy of our free elections, consider giving something away. In my company’s case, we chose to walk away from a fairly lucrative opportunity and provide our services for free to state, local and federal agencies in North America. This was a situation where we were literally the only vendor that could provide a sufficient solution for a particular agency. But rather than approach that as a profit motive, we felt it was our job to help add a layer of protection to the voting and democratic process.

Longer term, that can pay dividends for your organization. If you can be trusted to help secure the inherently complex process of our country’s election system, you will get the attention of plenty of high-profile organizations in the public sector. But more importantly, you’ve done your part to keep our democracy safe.

Dave Gerry currently serves as chief revenue officer and head of Global Operations for application security firm WhiteHat Security. He specializes in turning-around, leading, and growing revenue and service delivery engines to drive profitable, double and triple digit bookings growth. Focused on the cybersecurity industry, he has held executive roles at other dynamic organizations like Sumo Logic, Veracode and The Herjavec Group. He holds an MBA from Suffolk University and a BA from Merrimack College.