Cybersecurity in the Upcoming 2020 Elections

polling station for election

As the 2020 presidential election draws near, state and local government agencies are making preparations to counter present and future cybersecurity dangers that threaten to undermine our nation’s election process.

Last year, state and local governments suffered 162 ransomware incidents, and these attacks show no signs of letting up, even amid the global health crisis. 

To bolster the nation’s overall safety, the Cybersecurity and Infrastructure Security Agency has generated and released its plan for protecting not only the infrastructure of this year’s election but also the infrastructure utilized by campaigns and political parties. 

From disinformation campaigns to phishing attacks, CISA aims to identify and mitigate any security issues that might compromise the integrity of this election year. Some notable points from CISA’s plan include: 

  • Creating public awareness campaigns that discuss cybersecurity threats. 
  • Providing local and state cybersecurity officials, as well as private companies that provide voting equipment, with additional information about security threats. 
  • At the local level, helping to develop incident response and crisis communication plans. 
  • Offering services such as physical security assessments, remote penetration testing, and vulnerability scanning, among others. 
  • Conducting voluntary security assessments.
  • Working with private firms and briefing staffers about the best practices to follow regarding campaigns.
  • Providing the public and elected officials with information concerning foreign influence campaigns. 

Although these measures are being taken, CISA Director Christopher Krebs stated that much of the responsibility of securing the voting infrastructure will fall to the state and local government agencies.

Below you’ll find a list of enacted and pending bills relating to cybersecurity that have been made at the state level. 

State-Level Cybersecurity Bills: Enacted

  1. Alabama | AL S 54 – Status: Enacted, Chap. 98: Insurers and other entities licensed by the Department of Insurance must develop, implement, and maintain an information security program. It also provides for reporting to the Commissioner of Insurance, the confidentiality of provided information, and for civil penalties under certain conditions.
  2. California | CA A 74 – Status: Enacted, Chap. 23: Makes appropriations for the support of state government for the fiscal year and provides that activities performed by the office shall be designed to minimize overlap. It also works in coordination with statewide cybersecurity efforts. 
  3. Florida | FL H 5301 – Status: Enacted, Chap. 2019-118: Requires the designation of a state chief information security officer and creates the Florida Cybersecurity Task Force.    
  4. Florida | FL S 2500 – Status: Enacted, Chap. 115: Makes appropriations, including funds to county supervisors of elections for cybersecurity initiatives. 
  5. Georgia | GA H 30 – Status: Enacted, Chap. 3: Appropriates funds to the Georgia Cyber Innovation and Training Center to enhance cybersecurity technology for private and public industries through unique education, training, research, and practical applications.
  6. Georgia | GA H 31 – Status: Enacted, Chap. 319: Appropriates funds for cybersecurity training and cybersecurity initiatives in schools.
  7. Iowa | IA H 692 – Status: Enacted: Provides for penalties for using voter registration information, including resale or redistribution of the voter registration list without written permission of the state registrar, for purposes other than those permitted.
  8. Louisiana | LA H 74 – Status: Enacted, Chap. 292: Creates the crime of trespass against state computers, provides for elements of the crime, and also provides for criminal penalties.
  9. Mississippi | MS S 2831 – Status: Enacted: Establishes the Insurance Data Security Law and provides the purpose and intent of the act. It also defines certain terms within the act, requiring insurance licenses in the state to develop, implement, and maintain an information security program. The bill further requires certain notification, investigation, and confidentiality in a cybersecurity event.
  10. Montana | MT H.B. 2 – Status: Enacted, Chap. 483: This bill appropriates money to various state agencies for the upcoming biennium, including funding for many relevant cybersecurity programs and technologies, including next-generation antivirus software, cybersecurity staff, cybersecurity student programs, and many more. The State Information Technology Services Division will report to the legislative finance committee quarterly on the Montana Cybersecurity Enhancement Project.
  11. North Dakota | ND S 2110 – Status: Enacted, Chap. 468: Expands the powers and duties of the Information Technology Department to oversee cybersecurity strategy for all executive branch state agencies. This includes institutions under the control of the State Board of Higher Education, counties, cities, school districts, or other political subdivisions.
  12. Nebraska | S.B. 123 – Status: Enacted, Chap. 546: This bill enacts provisions governing the security and integrity of elections, requiring an annual training class on cybersecurity for those who administer elections. Any records of the Secretary of State or county or city clerk related to election information are confidential and not public records. They may be disclosed only under limited circumstances. 
  13. New Jersey | NJ S 2297 – Status: Enacted, Chap. 213: Revises provisions relating to the State Blockchain Initiative Task Force. 
  14. Nevada | NV S 69 – Status: Enacted, Chap. 392: Revises provisions relating to emergencies and cybersecurity.
  15. Nevada | NV S 123 – Status: Enacted, Chap. 546: Revises provisions relating to elections.
  16. Ohio | OH H 166 – Status: Enacted, Chap. 10: This bill provides funding for cybersecurity initiatives, including the establishment of a cyber range. The cyber range will: (1) provide cyber training and education to K-12 students, higher education students, Ohio National Guardsmen, federal employees, and state and local government employees, and (2) provide for emergency preparedness exercises and training for cybersecurity.
  17. Oklahoma | OK S 261 – Status: Enacted, Chap. 163: Relates to the security of election materials, coercion, and election emergencies. The bill also authorizes post-election audits for certain purposes, provides procedures, and specifies the duties of the Secretary of State Election Board and the Secretary of County Election Board. It also specifies requirements relating to office space and arrangements for county election boards while prohibiting the providing of false or misleading information to prevent registration or voting.
  18. Virginia | VA H 5001a – Status: Enacted, Chap. 1: Revises the budget bill; makes appropriations to various state agencies and programs, including cybersecurity programs.
  19. West Virginia | WV H 2452 – Status: Enacted, Act 123: Creates the West Virginia cybersecurity office and removes the requirements of the Chief Technology Officer to oversee the security of government information. Also created the Cybersecurity office  and provides that the Chief Information Security Officer oversees said office and is authorized to create a cybersecurity framework to assist and provide guidance to agencies in cyber risk strategy.

State Level Cybersecurity Bills: Pending

  1. Georgia | GA S 21 – Status: Pending – Carryover: Will require each local board of education to prescribe mandatory instruction concerning cybersecurity every year in every grade, from kindergarten through grade 12. It will also require the State Board of Education to prescribe a minimum course of study in cybersecurity, providing for duties of the State School Superintendent. 
  2. Illinois | IL H 2829 – Status: Pending: Will create the Financial Institution Cybersecurity Act. The bill provides that persons and entities operating under the authority of the Secretary of Financial and Professional Regulation under the Banking Act, the Insurance Code, the Savings Bank Act, the Credit Union Act, the Corporate Fiduciary Act, and the Residential Mortgage License Act must maintain a cybersecurity program to protect the confidentiality of their information system.
  3. Illinois | IL H 3017 – Status: Pending: Will create the Veterans Cyber Academy Pilot Program Act and provides that the Department of Veterans’ Affairs shall establish and implement a pilot program to provide veterans residing in the state with access to cyber security training, certification, apprenticeships, and additional resources to enter the cyber security field of work. The pilot program shall run from January 1, 2021 to December 31, 2023. The bill also provides specific requirements to the department in implementing the pilot program.
  4. Michigan | MI H 4348 – Status: Pending: This bill provides executive recommendations for an omnibus bill, including funding for improvement of the state’s cybersecurity framework.
  5. Minnesota | MN H 17 – Status: Pending – Carryover: Appropriates money from the Help America Vote Act account for certain authorized purposes and provides for the purposes of modernizing, securing, and updating the statewide voter registration system and for cybersecurity upgrades as authorized by federal law.

Needless to say, states and their local government agencies are going to be making a considerable effort to keep this election year secure and free of external interference. 

The federal government has made notable progress towards improved cybersecurity with the founding of CISA and other agencies, but much of our digital safety is still in the hands of local government organizations like yours. 

Staying Ahead of the Curve with Cybersecurity

With these new laws turning cybersecurity training into a requirement, it’s important that your organization be outfitted with courses that don’t just meet the educational standards but are also convenient and easily accessible to your employees. 

Since everyone is still working from home, getting your people into the office for training isn’t an option for most employers, which is one of the reasons that our online training solutions are ideal.

We offer current and on-demand courses dedicated to Cyber Security, which you can consume on your schedule.

As an ETS Learner, you also receive access to over 60 state and national affiliations and accreditations courses, the completion certificates, and the option to print course materials when needed.

Let’s all do our part in keeping our organizations, our people, and our elections safe from cyberthreats. 

Experience the proven, easy-to-use, and cost-effective benefits of online training by scheduling your free online training consultation today!

Schedule Free Consultation