14 DAY TRIAL // According to a report by the Center for Election Innovation and Research (CEIR) nonprofit, shows that voter registration databases (VRDBs) are more secure in 2018, with most states involved in the survey have added access monitoring and backups.
CEIR's survey looked at three major areas of VRDB security, prevention, detection, and mitigation to be able to quantify the progress made by the surveyed US states since the 2016 election.
Although many of the 26 states surveyed managed to step up their cybersecurity efforts, there still are many areas where VRDB security is still lacking.
Moreover, multi-factor authentication is only used in 13 out of the 26 states, the other ones allowing unsecured logins that could be bypassed by threat actors that obtain login credentials.
Out of the states which deployed MFA on their VRDBs, most of them are using physical MFA device, while three use SMS-based MFA and the other two time-based one-time passwords (TOTP) for verifying logins.
More than half of the 26 states surveyed have added CDNs and DDoS mitigation tools to protect VRDBs
All states that took part in the research had also implemented HTTPS to encrypt the data transferred between users and VDRBs, with twenty-two using HTTPS on all websites, even when personally identifiable information was not conveyed.
The survey also checked the implementation of CDNs and DDoS mitigation tools with more than a quarter of the total number of states having CDNs setup and more than half of them having implemented DDoS mitigation measures.
“The survey shows just how much progress states have made since 2016 in key areas of cybersecurity to prevent, detect, and mitigate foreign interference,” said David Becker, executive director of CEIR.
This report comes to show that at least some of US states have taken seriously the notification issued by the Department of Homeland Security in 2017 to Congress members that election-related websites, networks, and computing systems were targeted by threat actors in 2016.