Custom playbooks played a key role in the Arizona election jurisdiction’s security strategy.
RSA CONFERENCE 2021 – The CISO of Maricopa County – which is currently in the midst of a controversial and politically charged recount of the 2020 presidential election results – said the biggest security challenge in the past election year was disinformation campaigns, mostly on social media.
Lester Godsey, the top cybersecurity official for the Arizona county, said in a panel discussion here today that his county during the 2020 election cycle saw attackers attempt port scanning, DDoS attacks, and other cyber activity, but the primary threat they faced was adversaries hacking trust in the election and election systems.
“I would say for 2020, one of our biggest challenges was around misinformation/disinformation from a social media perspective. That in itself was a gamechanger” for the county, he said.
Maricopa County created specialized playbooks for how it would respond to cyberattacks or other disruptive events in the run-up to, and during, Election Day. “On the day of the election… we utilized portions of our playbook around social media monitoring, which we reported internally and passed along to our Fusion Center here,” Godsey said.
He and his team spotted evidence of activity by an advanced persistent threat (APT) actor that the FBI also had been watching. According to Cynthia Kaiser, the FBI’s section chief for cybersecurity, intelligence and federal officials saw evidence of Iranian and Russian nation-state groups waging disinformation campaigns online during the election year.
Kaiser, who spoke on the RSAC election security panel along with CISA senior cybersecurity advisor Geoff Hale, reiterated there was no evidence of threat actors seeking to hack or sabotage the actual vote counts. “We didn’t see them go after the ballot box,” she said. “We saw them go after our minds with an aim toward destabilizing society” by casting doubt on the election system, she said.
Maricopa County’s Godsey said there “was no evidence whatsoever” of impropriety in the election, but misinformation and disinformation clouded some people’s perception of the integrity of the process.
He said his team will continue to “refine” their election playbooks, as well as their incident response playbooks, information gathering, and visibility, “improving the dashboard in our SIEM so we can more quickly pivot.” They will also automate manual tasks, he said.
Watch the full panel, “Election Security: Lessons from the Front Lines,” here.
Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise …