ISACA research points to the need for more training and education
In the lead-up to the 2020 US elections, the nonpartisan global technology association ISACA surveyed more than 3,000 IT governance, risk, security and audit professionals in the US in January and again in July. Results show that confidence levels in securing the election are low—and declining. While federal, state and local governments continue to harden election infrastructure technical controls and security procedures, 56 percent of respondents are less confident in election security since the pandemic started—signaling the need for greater education of the electorate and training of election personnel to drive awareness and trust.
Respondents to ISACA’s 2020 Election Security Survey
say they believe that funding, legislation, technical controls and election infrastructure are all inadequate, including 63 percent who are not confident in the resilience of election infrastructure, and 57 percent who believe that funding is not sufficient to prevent hacking of elections.
Respondents identified the following as the top threats to election security:
- Misinformation/disinformation campaigns (73%)
- Tampering with tabulation of voter results (64%)
- Hacking or tampering with voter registration rolls
- Hacking or tampering with voting machines (both 62%)
The combination of low confidence and high perception of threats requires a call to action, according to retired Brigadier General Greg Touhill, CISM, CISSP, ISACA board director and president of the AppGate Federal Group, who also previously served as the first federal CISO.
“The overwhelming majority of localities have sound election security procedures in place, but the public’s perception does not match the reality,” says Touhill. “This means that governments, from the county level on up, need to clearly and robustly communicate about what they are doing to secure their election infrastructure. As the study indicates, the most real threat to the election—impacting all candidates from all parties—is misinformation and disinformation campaigns.”
The survey found that respondents believed the following actions could help ensure voter confidence and accountability:
- Educating the electorate about misinformation (65%)
- Using electronic voting machines with paper audit trails (64%)
- Increased training for election and election security personnel (62%)
“As a learning organization, ISACA has long recognized the power of education. In the case of election security, education has the power to instill confidence, ensure the election professionals and volunteers are well trained, and help the electorate identify and share information that is accurate instead of information that is intended to manipulate voters’ perceptions,” said Nader Qaimari, ISACA chief learning officer.
For full survey results and perspectives from information security experts, visit www.isaca.org/election-security
. An upcoming free webinar on election security taking place on 1 October will feature speakers including Touhill; Ginny Badanes, Director of Strategic Projects at Microsoft’s Defending Democracy Program; Kevin McDermott, Chief Technology Officer of Cook County Clerk’s Office; and Chris Wlaschin, Vice President of Systems Security and CISO of Election Systems & Software. To register, visit www.isaca.org/education/online-events/lms_w100120
For more than 50 years, ISACA® (www.isaca.org) has advanced the best talent, expertise and learning in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organizations and enables enterprises to train and build quality teams. ISACA is a global professional association and learning organization that leverages the expertise of its 145,000 members who work in information security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including 223 chapters worldwide.