国家和地方选举网络安全手册（英文版）

2025-04-23 0 0 854.18KB 72 页 5.8玖币

侵权投诉

The State and

Local Election

Cybersecurity

Playbook

DEFENDING DIGITAL DEMOCRACY

FEBRUARY 2018

Defending Digital Democracy Project

Belfer Center for Science and International Aairs

Harvard Kennedy School

79 JFK Street

Cambridge, MA 02138

www.belfercenter.org/D3P

Statements and views expressed in this document are solely those of the authors and do not

imply endorsement by Harvard University, the Harvard Kennedy School, or the Belfer Center for

Science and International Aairs.

Design & Layout by Andrew Facini

Figure Illustrations by Jordan D’Amato

Cover photo: Voting machines in Miami Shores, Fla., Nov. 8, 2016, (AP Photo/Lynne Sladky)

Harvard Kennedy School / Defending Digital Democracy / Version 1.1: February 15, 2018 1

The Cybersecurity

Campaign Playbook

DEFENDING DIGITAL DEMOCRACY

FEBRUARY 2018

Contents

Defending Digital Democracy Project: About Us ..................................................................................................... 2

Authors and Contributors ......................................................................................................................................... 3

Acknowledgments ...................................................................................................................................................... 4

The Playbook Approach .........................................................................................5

Introduction ............................................................................................................7

Background .............................................................................................................8

What’s at Stake .................................................................................................................................................. 8

Cybersecurity Threats to Elections ................................................................................................................... 8

Common Ground ...................................................................................................14

10 Best Practices that Apply to all Election Jurisdictions ..............................................................................14

Security Insights by Election System ..............................................................................................................19

Technical Recommendations .............................................................................. 21

Securing State Election Systems .....................................................................................................................21

Voter Registration Databases and e-Pollbooks .............................................................................................. 22

Vote casting devices ......................................................................................................................................... 32

Election Night Reporting (ENR) .......................................................................................................................40

Internal and Public-facing Communications .................................................................................................43

Appendices ........................................................................................................... 49

Appendix 1. Vendor Selection and Management ............................................................................................49

Appendix 2. Election Audits .............................................................................................................................52

External Resources Guide ....................................................................................55

Election Staer Handout .....................................................................................57

Glossary ................................................................................................................ 59

The State and Local Election

Cybersecurity Playbook

Harvard Kennedy School / Defending Digital Democracy / Version 1.1: February 15, 2018 2

Defending Digital Democracy Project: About Us

We established the Defending Digital Democracy Project (D3P) in July 2017 with one goal: to help defend

democratic elections from cyber attacks and information operations.

ere are two groups on the frontlines of defending democracy: (1) political campaigns, which enable citizens to

pursue elected oce; and (2) election ocials, who ensure the election process is free and fair. Last year, we set

out to provide campaign and election professionals with practical guides to the most applicable cybersecurity best

practices in advance of the 2018 midterm elections. In November 2017, we released “e Campaign Cybersecurity

Playbook” for campaign professionals. Now, in February 2018, we are releasing a set of three guides designed to be

used together by election administrators: “e State and Local Election Cybersecurity Playbook,” “e Election

Cyber Incident Communications Coordination Guide,” and “e Election Incident Communications Plan

Template.” What follows is e State and Local Election Cybersecurity Playbook.

D3P is a bipartisan team of cybersecurity, political, and policy experts from the public and private sectors. To

better understand both the cybersecurity and other challenges that elections face, our team of nearly three

dozen professionals spent six months researching state and local election processes. We visited with 34 state and

local election oces, observed the November 2017 elections in three states, and interviewed leading academic

experts, election equipment manufacturers, and representatives of federal government agencies. We conducted

a nationwide security survey with 37 participating states and territories, which identied detailed nuances in

election processes and their corresponding risk considerations. We hosted two state election cybersecurity

conferences where we engaged state and local election ocials in “tabletop exercise” election simulations to

increase awareness of the cybersecurity threats they face and improve their ability to mitigate those threats.

is research taught us many things. Most importantly, we learned how dicult it is to defend the multifaceted

nature of the elections process. In the United States, elections are among the most complex and decentralized oper-

ations in either the public or private sectors. Every state and locality is unique. We were humbled by the intricacies

of election operations in each state we visited, and inspired by election ocials’ incredible level of commitment to

the democratic process. We also learned that the leadership of election ocials is critical in creating a more secure

system. Secretaries of state, election board members, state election directors, and local election administrators set the

tone—it’s ultimately their job to create a culture in which all sta make security a top priority.

is Playbook is intended for leaders at every level who play a role in running elections. While the future

threats elections face are multifaceted, one principle stands clear: defending democracy depends on proactive

leadership. is Playbook focuses on the U.S. experience, but it is also relevant to election ocials around

the world facing similar threats. We have designed it to identify risks and oer actionable solutions that will

empower state and local election ocials to protect democracy from those who seek to do it harm.

Finally, we would like to thank the election ocials around the country for whom we wrote this guide. You are the

frontline defenders of democracy. We hope this eort helps make that tremendous responsibility a little easier.

Good luck,

e D3P Team

Harvard Kennedy School / Defending Digital Democracy / Version 1.1: February 15, 2018 3

Authors and Contributors

AUTHORS

Meredith Berger, D3P, Harvard Kennedy School

Charles Chretien, Software Engineer, Jigsaw (Alphabet)

Caitlin Conley, Executive Director, D3P

Jordan D’Amato, D3P, Harvard Kennedy School

Meredith Davis Tavera, D3P, Harvard Kennedy School

Corinna Fehst, D3P, Harvard Kennedy School

Josh Feinblum, Chief Security Ocer, DigitalOcean

Kunal Kothari, D3P, Harvard Kennedy School

Alexander Krey, D3P, Harvard Kennedy School

Richard Kuzma, D3P, Harvard Kennedy School

Ryan Macias, Election Assistance Commission

Katherine Mansted, D3P, Harvard Kennedy School

Henry Miller, D3P, Brown University

Jennifer Nam, D3P, Harvard Kennedy School

Zara Perumal, D3P, Massachusetts Institute of Technology

Jonathan Pevarnek, Software Engineer, Jigsaw (Alphabet)

Anu Saha, D3P, Massachusetts Institute of Technology

Mike Specter, D3P, Massachusetts Institute of Technology

Sarah Starr, D3P, Harvard Kennedy School

SENIOR ADVISORY GROUP

Eric Rosenbach, Co-Director, Belfer Center;

Director, Defending Digital Democracy Project

Robby Mook, Co-Director, D3P

Matt Rhoades, Co-Director, D3P

Heather Adkins, Dir. of Information Security and Privacy, Google

Dmitri Alperovitch, Co-Founder and CTO, CrowdStrike

Siobhan Gorman, Director, Brunswick Group

Yasmin Green, Head of Research & Development, Jigsaw (Alphabet)

Stuart Holliday, CEO, Meridian International Center

Kent Lucken, Managing Director, Citibank

Debora Plunkett, former Director of Information Assurance,

National Security Agency

Colin Reed, Senior Vice President, Deﬁners Public Aairs

Suzanne Spaulding, Senior Advisor for Homeland Security,

Center for Strategic and International Studies

Alex Stamos, Chief Security Ocer, Facebook

CONTRIBUTORS

Dmitri Alperovitch, Co-Founder and CTO, CrowdStrike

Arjun Bisen, D3P, Harvard Kennedy School

Drew Bagley, Sr. Privacy Counsel & Director of Global Cyber Policy,

CrowdStrike

Daniel Bartlett, D3P, Harvard Kennedy School

Judd Choate, Colorado Election Director and President, National

Association of State Election Directors

Amy Cohen, Exec. Director, National Association of State Election Directors

Mari Dugas, Project Coordinator, D3P

Alan Farley, Administrator, Rutherford County, Tenn. Election Commission

David Forscey, Policy Analyst, National Governors Association

Robert Giles, Director, New Jersey Division of Elections

Mike Gillen, D3P, Harvard Kennedy School

Chad Hansen, Senior Software Engineer, Jigsaw (Alphabet)

Eben Kaplan, Principal Consultant, CrowdStrike

Matt Masterson, Commissioner, Election Assistance Commission

Sean McCloskey, Election Task Force, Department of Homeland Security

Amber McReynolds, Director of Elections, City and County of Denver, Colo.

Joel Mehler, Senior Consultant, CrowdStrike

Robby Mook, Co-Director, D3P

Rachel Neasham, D3P, LoLa

Daniel Perumal, D3P

Debora Plunkett, former Director of Information Assurance,

National Security Agency

Sean Quirk, D3P, Harvard Kennedy School

Matt Rhoades, Co-Director, D3P

Eric Rosenbach, Co-Director, Belfer Center;

Director, Defending Digital Democracy Project

John Sarapata, Head of Engineering, Jigsaw (Alphabet)

Johanna Shelton, Director, Public Policy, Google LLC

Reed Southard, D3P, Harvard Kennedy School

Suzanne Spaulding, Senior Advisor for Homeland Security,

Center for Strategic and International Studies

Charles Stewart III, Professor, MIT

Michelle K. Tassinari, Director/Legal Counsel, Elections Division, Oce

of the Secretary of the Commonwealth of Massachusetts

Frank White, Independent Communications Consultant

BELFER CENTER WEB & DESIGN TEAM

Arielle Dworkin, Digital Communications Manager,

Belfer Center

Andrew Facini, Publications and Design Coordinator,

Belfer Center

文档加载中……请稍候！
如果长时间未打开，您也可以点击刷新试试。

下载文档到电脑，查找使用更方便

5.8 玖币 0人已下载

立即下载

摘要：

TheStateandLocalElectionCybersecurityPlaybookDEFENDINGDIGITALDEMOCRACYFEBRUARY2018DefendingDigitalDemocracyProjectBelferCenterforScienceandInternationalAffairsHarvardKennedySchool79JFKStreetCambridge,MA02138www.belfercenter.org/D3PStatementsandviewsexpressedinthisdocumentaresolelythoseoftheauthorsan...

展开>> 收起<<

国家和地方选举网络安全手册（英文版）.pdf

共72页,预览5页

还剩页未读，继续阅读

声明：本站为文档C2C交易模式，即用户上传的文档直接被用户下载，本站只是中间服务平台，本站所有文档下载所得的收益归上传人(含作者)所有。玖贝云文库仅提供信息存储空间，仅对用户上传内容的表现方式做保护处理，对上载内容本身不做任何修改或编辑。若文档所含内容侵犯了您的版权或隐私，请立即通知玖贝云文库，我们立即给予删除！

国家和地方选举网络安全手册（英文版）

相关推荐

开通VIP享超值会员特权

作者详情

相关内容

热门标签

举报选择: