Why North Carolina Outsourced Election Cybersecurity to a ‘CISO-as-a-Service’

The following is press coverage on Woodstar Labs’ involvement with North Carolina’s election security, courtesy of statescoop.com.

Faced with mounting cybersecurity needs headed toward the presidential election, but lacking the financial resources to build out a more robust internal IT staff, the North Carolina State Board of Elections last year hired a third-party vendor to provide the functions of a chief information security officer as a service, rather than an individual official.

The CISO-as-a-service model, which was implemented July 2019, has allowed the board to increase its network intrusion monitoring and risk assessment functions, and made it easier for state officials to know what information security investments to make, according Torry Crass, a cybersecurity adviser at Woodstar Labs, NCSBE’s vendor. The program, he said, is to provide the board with advice and guidance on how to improve its cyber defenses ahead of an election that U.S. Intelligence Community has warned is being targeted by nation-state actors.

“We’re helping them to improve their cybersecurity program overall,” Crass said. “Not just implementing a single piece of technology. There’s also the aspect around their program itself and building that out and keeping up with the threat landscape.”

But some of the technology Woodstar’s team has helped the NCSBE implement is now familiar in the election-security space, including Zeek, a network-security monitoring software that analyzes inbound web traffic to the board’s servers, and Corelight, a physical monitoring device.

The purpose is to protect both North Carolina’s voter registration database and reported vote totals once they’re entered into a computer, said Sean Maybee, the deputy director of cybersecurity programs for Woodstar’s parent company, Associated Universities, Inc.

“We’re helping with the perception of the election by securing the network,” he said. “With network behavioral analysis, we’re collecting all this metadata and we can get to what’s happening with the vote data once it gets digitized.”

In providing a CISO-as-a-service function, Woodstar also acts as a liaison between the NCSBE and its federal and nonprofit partners like the Cybersecurity and Infrastructure Security Agency and the Election Infrastructure Information Sharing and Analysis Center, Maybee added.

North Carolina uses a combination of hand-marked paper ballots and touchscreen devices that produce printed receipts fed into optical scanners. None of the voting machines are connected to the internet, but the board still manages a voter registration database and a website where unofficial results are reported on election nights, as do the state’s 100 counties. Both voter files and results websites have been repeatedly cited by federal cybersecurity officials as targets for threats like ransomware, with the potential for creating chaos at the polls in the event of a successful attack.

“It’s so prevalent all the time now. It does pose a threat essentially to everybody,” Crass said. “We want to take steps and develop policies with the State Board of Elections and its partner agencies.”

North Carolina officials did not respond to questions about Woodstar Labs’ role as the elections board’s cybersecurity functionary, but both Maybee and Crass, who is based in Charlotte, said hiring a vendor to be a CISO-as-a-service is a sign of organizational maturity.

“It brings a team to a table,” Crass said. “There’s a team that allows different industry experiences to come together and compare notes to give NC the best information possible for what a path forward in any given situation is, rather than have to pay for two, three, four people at those salary points.”

Article by StateScoop’s Benjamin Freed.

In Other News…

VIDEO: Multi-wavelength Observations Reveal Impact of Black Hole on M87 Galaxy

In 2019, a worldwide collaboration of scientists used a global collection of radio telescopes called the Event Horizon Telescope (EHT) to make the first-ever image of a black hole — the supermassive black hole at the core of the galaxy M87, some 55 million light-years from Earth.

ACEAP Alumna Selected as Astronaut for SpaceX

Sian Procter, a participant in the Astronomy in Chile Educator Ambassadors Program (ACEAP) in 2016, has been selected as an astronaut by SpaceX. The Inspiration4 mission, scheduled to launch sometime after 15 September 2021, will orbit Earth for three days and conduct a variety of experiments.

New Images Reveal Magnetic Structures Near Supermassive Black Hole

The Event Horizon Telescope (EHT) — the worldwide collaboration that produced the first image of a black hole in 2019 — has produced a new image showing details of the magnetic fields in the region closest to the supermassive black hole at the core of the galaxy M87. The new work is providing astronomers with important clues about how powerful jets of material can be produced in that region.

After Long Shutdown, Giant Radio Telescope Array Set to Resume Observations

The Atacama Large Millimeter/submillimeter Array (ALMA), a set of 66 radio astronomy dishes perched high in the Chilean Andes, was hit hard by the pandemic. It shut down on 22 March 2020 and has remained silent ever since—far longer than most scientific facilities....

VLA Helps Astronomers Make New Discoveries About Star-Shredding Events

New studies using the VLA and other telescopes have added to our knowledge of what happens when a black hole shreds a star, but also have raised new questions that astronomers must tackle.

Radio Telescope is So Powerful it Can See the Surface of Other Worlds

Get ready for close-up surface images of distant planets in our solar system.

Next Generation VLA Endorsed by Canadian Panel

The Canadian Astronomy Long Range Plan 2020-2030, a report on priorities and recommendations for Canadian astronomy over the next decade, has recommended that Canada support the National Radio Astronomy Observatory’s (NRAO) proposed Next Generation Very Large Array (ngVLA), saying the new facility will enable transformational science across many areas of astrophysics.

The ITL Expects to Create 35 Businesses Between the Third and Tenth Year of Operation

The former Minister of Energy, Ricardo Raineri, who also has a long career as a professor and university researcher and international consultant, was appointed by the American consortium Associated Universities Inc. (AUI) as Director of Development and responsible for executing the installation stage from the Institute of Clean Technologies (ITL).

This Insane Picture of The Moon Was Actually Taken From Earth

A test of a powerful new space imaging instrument has given us a gloriously detailed new perspective of the Apollo 15 Moon landing site.

Successful Test Paves Way for New Planetary Radar

The National Science Foundation’s Green Bank Observatory (GBO) and National Radio Astronomy Observatory (NRAO), and Raytheon Intelligence & Space conducted a test in November to prove that a new radio telescope system can capture high-resolution images in near-Earth space.

You are now leaving AUI

You will be redirected to the related partnering organization's website.

You will be redirected to
in 4 seconds...

Click the link above to continue or CANCEL