2018 ELECTION SECURITY PLAYBOOK
through accepted practices. This is to ensure that data has not been altered.
Availability – Availability refers to the idea of minimizing downtime. We have controls in place to ensure that our data is highly available, redundant and replicated securely offsite. In case of a disaster, it is important to have plans in place to ensure business continuity while minimizing downtime and impact to voters, which is critical. Future planning will continue to include designing and building everything with redundancy in mind. In addition, disaster recovery policies are in place to overcome disasters such as power failures, fires, and other unplanned disasters. Secure back up of data is also important to make sure access to our data is not disrupted in the event of a disaster. Top Threats and Vulnerabilities In order to properly develop a security plan, the potential threats and exploits must first be identified. In the following section, we give examples of potentials and threats that we have identified. The National Institute of Standards and Technology (NIST), in Special Publication SP 800-30 defines 3 threats as “the potential for a particular threat-source to successfully exercise a particular vulnerability.” NIST Special Publication 800-30 Rev. A defines vulnerability as “a flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised accidentally, triggered or intentionally exploited and result in a security breach.” Threat of Foreign States Foreign States are a significant threat because they have access to resources and technologies that make their cyberweapons more dangerous and difficult to defend against. A large amount of cyber threat intelligence data focuses on preventing a breach or a leak from happening; however, even with companies and governments spending more on network defense, breaches from Foreign States are still occurring. A proper defense strategy must be proactive and engaged. We need to combine technology and techniques to combat Foreign States that try to intervene in our elections and
3 NIST Special Publication 800-30 Revision 1 Retrieved from nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublica- tion800-30r1.pdf
ORANGE COUNTY REGISTRAR OF VOTERS 8
Made with FlippingBook Digital Proposal Creator