The Cybersecurity and Infrastructure Security Agency issued new guidance to help secure the election infrastructure four months before Americans go to the polls.
The Guide to Operational Security for Election Officials, or OPSEC, provides information on potential risks to the voting system and recommends best practices to prevent sensitive data such as voter information or photos of internal systems from falling into the hands of malicious actors, CISA said Friday.
OPSEC identifies and safeguards information and capabilities within an organization. By adopting OPSEC principles, election officials can contribute to maintaining election transparency without exposing data to adversaries, according to the agency.
The guide encourages election officials to imagine how a threat actor may collect pieces of information or indicators to create a bigger organizational picture and find vulnerabilities. Adversaries may collect indicators by browsing social media, reviewing public records, monitoring government offices and personnel, going through a person or organization’s trash and conducting social engineering campaigns, the document revealed.
Regularly training staff on the threats to and ways to protect sensitive information is one of the OPSEC countermeasures that election officials can take ahead of the national elections.
“CISA provides various training programs for election workers, including secure practices, incident response planning, and de-escalation techniques,” said Cait Conley, special adviser to the director of election security at CISA.
The guide is available for download on CISA’s official website.