On October 16, 2018, PIDB Member Alissa Starzak joined a discussion on government and tech industry efforts to achieve election security, with panelists Matthew Rhoades, of the Aspen Institute’s Cybersecurity and Technology Program, Ethan Chumley of Microsoft’s Defending Democracy Program, and Jay Kaplan, the CEO and Co-Founder of the cybersecurity firm Synack. Ms. Starzak spoke on the panel as the Head of Public Policy for Cloudflare, a web performance and security company.
Introducing the topic, Department of Homeland Security (DHS) official Christopher Krebs applauded how Information Sharing and Analysis Centers (ISACs) facilitate the growth in information sharing and cooperation between DHS and state election commissions. As non-profit, member-driven organizations of critical infrastructure owners and operators with a focus on election security, ISACs in 50 states and 13 counties currently provide incident reporting from state and local partners to DHS that simply did not exist before the 2016 election.
In addition to the sector-specific ISACs, individual tech firms now offer pro bono services and innovative tools that mitigate cyber threats to state and local election officials. For example, Mr. Kaplan explained how Synack provides vulnerability identification to state and local officials by crowdsourcing a network of hackers “to get the bad guys.” Ms. Starzak added that in the Alabama special election of 2017, Cloudflare had provided free services to secure Alabama’s election website, and now offers the same support to all state and local election websites for the November 2018 elections and beyond.
Cooperation on election security between DHS and the state and local governments through sector-specific ISACs, augmented by the application of digital solutions through collaboration with innovative tech companies, illustrates the potential of information sharing and IT modernization long advocated by the PIDB (see PIDB White Paper: The Importance of Technology in Classification and Declassification). The modernization of classification and declassification processes and legacy systems through interagency cooperation that PIDB continues to recommend could well benefit from the model of cybersecurity initiatives discussed by Ms. Starzak and her colleagues.
The panel on “Security & Democracy: A discussion about tech and government collaboration on elections security” was held at the Microsoft Innovation & Policy Center in Washington, DC, on October 16, 2018. The discussion will be available on C-SPAN.