Image Credits: Bill Clark/CQ Roll Call
To secure U.S. election systems from the very real threat of targeted cyberattacks, states might need to reframe their security practices to look more like they would in a tightly controlled corporate environment.
To that end, Centrify, an enterprise cloud-based identity management company, is extending its security offerings to help states cover their bases as part of a “Secure the Vote” initiative. The company is encouraging state and local election boards to employ its services for basic security measures like multi-factor authentication and user privilege management — two easy steps that could thwart potential attacks. To coordinate with states, Centrify is working with the Department of Homeland Security on the budget and procurement processes as states begin to work more closely with the agency on the challenge of election security.
In a conversation with TechCrunch, Centrify CEO Tom Kemp emphasized that states could bolster election security considerably by even undertaking the most basic safety measures.
“There’s some low-hanging fruit that can be done relatively quickly,” Kemp told TechCrunch, noting that this level of precaution would only take “a couple weeks of implementation work.”
As Kemp notes, the hackers targeting state election systems generally try to compromise admin-level accounts with broad system access. Multi-factor authentication requires an external confirmation of user identity in order to log into a system and is widely considered one of the more basic and most robust cybersecurity precautions for individuals and organizations alike. Centrify eschews the “trust but verify” approach, opting instead for a zero-trust security model that verifies user identity at all levels.
State and local election boards can work with Centrify to get free access to the company’s services for eight months, though they’ll need to sign up for an annual plan to get the deal. The company will work with those groups to deploy its services, with discounted on-site rates. Because the company is already registered in the federal procurement system, states have one less hurdle to overcome if they choose to work with Centrify while taking advantage of federal assistance seeking to bolster state election security. According to a federal contractor search, Centrify’s federal contracts have included work with the U.S. Navy and the National Institutes of Health (NIH).
“In order to secure the vote, Election Boards need to protect their election systems, and more importantly, sensitive voter registration information against bad actors,” Kemp said of the announcement. “That starts with adopting a new mindset that compromised credentials are the main attack vector.”