Why North Carolina Outsourced Election Cybersecurity to a ‘CISO-as-a-Service’

The following is press coverage on Woodstar Labs’ involvement with North Carolina’s election security, courtesy of statescoop.com.

Faced with mounting cybersecurity needs headed toward the presidential election, but lacking the financial resources to build out a more robust internal IT staff, the North Carolina State Board of Elections last year hired a third-party vendor to provide the functions of a chief information security officer as a service, rather than an individual official.

The CISO-as-a-service model, which was implemented July 2019, has allowed the board to increase its network intrusion monitoring and risk assessment functions, and made it easier for state officials to know what information security investments to make, according Torry Crass, a cybersecurity adviser at Woodstar Labs, NCSBE’s vendor. The program, he said, is to provide the board with advice and guidance on how to improve its cyber defenses ahead of an election that U.S. Intelligence Community has warned is being targeted by nation-state actors.

“We’re helping them to improve their cybersecurity program overall,” Crass said. “Not just implementing a single piece of technology. There’s also the aspect around their program itself and building that out and keeping up with the threat landscape.”

But some of the technology Woodstar’s team has helped the NCSBE implement is now familiar in the election-security space, including Zeek, a network-security monitoring software that analyzes inbound web traffic to the board’s servers, and Corelight, a physical monitoring device.

The purpose is to protect both North Carolina’s voter registration database and reported vote totals once they’re entered into a computer, said Sean Maybee, the deputy director of cybersecurity programs for Woodstar’s parent company, Associated Universities, Inc.

“We’re helping with the perception of the election by securing the network,” he said. “With network behavioral analysis, we’re collecting all this metadata and we can get to what’s happening with the vote data once it gets digitized.”

In providing a CISO-as-a-service function, Woodstar also acts as a liaison between the NCSBE and its federal and nonprofit partners like the Cybersecurity and Infrastructure Security Agency and the Election Infrastructure Information Sharing and Analysis Center, Maybee added.

North Carolina uses a combination of hand-marked paper ballots and touchscreen devices that produce printed receipts fed into optical scanners. None of the voting machines are connected to the internet, but the board still manages a voter registration database and a website where unofficial results are reported on election nights, as do the state’s 100 counties. Both voter files and results websites have been repeatedly cited by federal cybersecurity officials as targets for threats like ransomware, with the potential for creating chaos at the polls in the event of a successful attack.

“It’s so prevalent all the time now. It does pose a threat essentially to everybody,” Crass said. “We want to take steps and develop policies with the State Board of Elections and its partner agencies.”

North Carolina officials did not respond to questions about Woodstar Labs’ role as the elections board’s cybersecurity functionary, but both Maybee and Crass, who is based in Charlotte, said hiring a vendor to be a CISO-as-a-service is a sign of organizational maturity.

“It brings a team to a table,” Crass said. “There’s a team that allows different industry experiences to come together and compare notes to give NC the best information possible for what a path forward in any given situation is, rather than have to pay for two, three, four people at those salary points.”

Article by StateScoop’s Benjamin Freed.

In Other News…

Adam Cohen, president of the entity that won the Corfo tender: “Our goal is to generate between 25 to 50 new companies in 10 years”

With the focus on putting the Clean Technologies Institute (ICTL) into operation soon is the Associated Universities, Inc. (AUI), the entity that won the Corfo tender that is being questioned by another of the consortiums that was in competition.

CORFO Selects AUI to Build and Manage the Chilean Instituto de Tecnologías Limpias

Santiago, Chile—On January 4th, the Corporación de Fomento de la Producción de Chile (CORFO) Council met to award the Chilean Instituto de Tecnologías Limpias (ICTL) construction, management, and operations to AUI.

CORFO Selects AUI to Build and Manage the Chilean Institute for Clean Technologies

AUI is honored by today’s decision by the Corporación de Fomento de la Producción de Chile (CORFO) to award the Chilean Institute for Clean Technologies (ICTL) construction, management, and operations contract to our team.

CORFO Awards Institute of Clean Technologies to a Consortium Led by AUI

The Corfo Council today awarded the Clean Technologies Institute (ICTL), the largest Research and Development (R&D) center and which will be located in the Antofagasta Region, to a consortium led by AUI (Associated Universities Inc)

Naperville bioscience lab taking aim at creating system to dramatically cut COVID-19 test processing time

A Naperville-based bioscience laboratory could help address the backlog of COVID-19 testing across the country and eventually assist the United States in more quickly confronting a future virulent pandemic.

New Partnership Emerges to Battle COVID-19

Naperville, IL—Today AUI and Radiance Diagnostics signed a memorandum of understanding to provide COVID-19 testing, support, and laboratory administration for the federal, state, and local government and businesses that require research and development assistance.

Cybersecurity in a fishbowl: How North Carolina’s Board of Elections handled it

The following is press coverage on NCSBE Cybersecurity, courtesy of scmagazine.com. Election security has never been more scrutinized than the 2020 presidential elections. It left election boards fighting not only to protect the election from outside influences but...

Industrial Cybersecurity: A Culture Change

The following is an article from UPDATE, the official publication of Utah Petroleum Association, Issue 4 2020.  Reliable operational technology (OT) or industrial control systems (ICS) underpin every facet of American lives. Without them, our defenses, our economy,...

How would Trump or Biden deal with grid hacking threats?

POLITICS How would Trump or Biden deal with grid hacking threats? Christian Vasquez, E&E News reporter Published: Tuesday, November 3, 2020 President Trump and Democratic presidential nominee Joe Biden have a few competing plans for the nation's cybersecurity —...

Big Astronomy Planetarium Show Premieres September 26

Big Astronomy planetarium show premieres September 26 Turn your phone into a planetarium with innovative and immersive 360° streaming San Francisco – The Big Astronomy worldwide premiere is coming soon to a smart phone or connected device near you! On September 26 at...

You are now leaving AUI

You will be redirected to the related partnering organization's website.

You will be redirected to
in 4 seconds...

Click the link above to continue or CANCEL