2018 ELECTION SECURITY PLAYBOOK
Elections as Critical Infrastructure On January 6, 2017, the Secretary of the Department of Homeland Security (DHS), Jeh Johnson, designated the Election Infrastructure in the United States as a subsector of the existing Government Facilities Critical Infrastructure sector. This designation by DHS means that the Election Infrastructure has become a priority for cybersecurity assistance and protections that DHS provides to a range of private and public-sector entities. Election Infrastructure has been defined as storage facilities, polling places and centralized vote tabulation locations used to support the election process. It is also defined as information and communications technology to include voter registration databases, voting machines, and other systems to manage the election process and to report and display results on behalf of state and local governments. Critical Infrastructure is a major concern for cybersecurity threats and vulnerabilities. Core Information Security Principles The OCROV has adopted guiding principles that describe our security objectives, which we refer to as our core information security principles. The core information security principles are an integral part of our information security architecture. The principles are the basis for many of our efforts outlined throughout this document. Our office uses a principle referred to as CIA, which is defined as 2 : Confidentiality – Confidentiality refers to protecting sensitive information, such as Personally Identifiable Information (PII). Any two of the following data points together – a name with address, Social Security number, driver’s license, etc. – are considered PII and must be protected as data assets. The principle of “least privilege” is the idea that only authorized individuals or systems should have access to information on a need-to-know basis. This principle is intended to prevent unauthorized disclosure of voter information, PII or other sensitive voter data. Integrity – Integrity refers to the prevention of unauthorized or improper modification of systems and information. Integrity includes the principle that information should be protected from intentional, unauthorized, or accidental changes. Controls are put in place to ensure that information is only modified
2 Tipton, Harold F. Official (ISC)2 guide to the CISSP CBK. Boca Raton, FL: CRC Press, 2010. Print.
ORANGE COUNTY REGISTRAR OF VOTERS
7
Made with FlippingBook Digital Proposal Creator