Interview: GCA Exec Director Megan Stifel on the One-Year Anniversary of Elections Toolkit

Today is the one-year anniversary of the launch of the Cybersecurity Toolkit for Elections and we are joined by Megan Stifel to tell us a little more about it. Hello Megan and thanks for joining us!

Hi Krista, happy to be here today!

GCA launched the Cybersecurity Toolkit for Elections one year ago in June 2019 - tell us a little about the partners you are working with and what systemic cyber risk it was designed to address?

In developing the Toolkit GCA worked with the Center for Internet Security (CIS), one of our Founders and the author of the Handbook for Elections Infrastructure Security. We also solicited input from a number of state and local elections and cybersecurity officials as well as a small advisory committee in order to ensure the content and approach were as accessible and useful as possible.

That’s great that you were able to collaborate with those entities. The toolkit is primarily US focused - does the differences between states’ approaches to elections impact their use of the toolkit?

The Toolkit can be used by anyone, however some tools may be restricted to organizations that meet the tool’s owner’s criteria. For example, Albert Network Monitoring offered by CIS can only be used by U.S. State, Local, Tribal, and Territorial governments. While state and local elections are governed uniquely, generally speaking the actions to secure them have common core steps including identifying all assets, configuring them securely, ensuring up to date patching, securing access, using antivirus, backing them up, and monitoring.

Could you just explain a little about the different guidance organizations have offered to protect elections and where the Toolkit fits in?

A plethora of guidance both technical and policy oriented has been issued over the years, and particularly since the 2016 elections. Much of this guidance is high level, perhaps due to the breadth of elections offices in the United States. The Toolkit on the other hand offers specific technical guidance that applies regardless of the particularities of a jurisdiction.

Yes, that kind of practical, hands-on assistance is so important. As we look ahead beyond the 2020 Presidential Elections in the U.S., what are the plans for the toolkit?

We’ll review any new guidance issued following the elections and work to include new tools accordingly. We invite feedback at any time at and accept applications for tool inclusion via the Toolkit website. Feedback can also be given here via the Forum. We evaluate tools regularly to ensure their ongoing relevance and a Change Control Board reviews applications for inclusion and decisions on removal.

We certainly encourage the feedback and suggestions for new tools. In celebration of the one-year anniversary of the elections toolkit, you’ll be hosting a webinar this Monday, June 29. Can you tell us a bit about that session, which will include discussion of how COVID-19 is impacting us?

We will have two panels in the webinar, the first focused on discussing the different resources available from the government and other non-profit organizations and the second focused on making concrete recommendations to enhance security before November. Participants include representatives from DHS, CIS, Mitre, the Alliance for Security Democracy, and the Brennan Center and a former Secretary of State will moderate each panel.

Thanks Megan - that definitely sounds like an interesting event! Folks can register here for the webinar being held on Monday 29 June at 1:30pm- 3.15pm ET:

The toolkit is accessible here: Elections - GCA Cybersecurity Toolkit | Tools and Resources to Improve Your Cyber Defenses
Help with implementing the tools is available here, via the forum.

For those that missed the live webinar on 29 June here are the takeaways, additional resources and link to the recording: