To Help Protect Our Elections, NIST Offers Specific Cybersecurity Guidelines

To Help Protect Our Elections, NIST Offers Specific Cybersecurity Guidelines
The new cybersecurity guide is tailored to election infrastructure, which includes technology involved before, during and after the polls are open. The guide does not address systems dedicated to social media or the systems and software dedicated to supporting campaigns and individual political groups.

Credit: DHS CISA


Making elections secure means protecting against ever-evolving threats to information technology — which scans in-person and mail-in ballots, supports voter registration databases and communicates vote tallies. 


To reduce the risk of cyberattacks on election systems, the National Institute of Standards and Technology (NIST) has released draft guidelines that provide a road map to help local election officials prepare for and respond to cyber threats that could affect elections. Comments on the draft will be accepted through May 14, 2021. 


Written in everyday language, the Draft Cybersecurity Framework Election Infrastructure Profile (NISTIR 8310) draws upon the experience of election stakeholders and cybersecurity experts from across the country, offering an approach for securing all elements of election technology.


“This is the first time we have looked at the entire election infrastructure and put together a cybersecurity playbook,” said NIST’s Gema Howell, one of the publication’s authors. 


The guide applies the principles of the NIST Cybersecurity Framework to election systems. Widely adopted by industry, the framework is not a regulation, but a set of recommended best practices for computer security. NIST has been creating tailored guidance called “profiles” to help particular sectors of society — such as manufacturers — adopt the framework to address their specific needs. 


The new guide is ..