Why North Carolina Outsourced Election Cybersecurity to a ‘CISO-as-a-Service’

The following is press coverage on Woodstar Labs’ involvement with North Carolina’s election security, courtesy of statescoop.com.

Faced with mounting cybersecurity needs headed toward the presidential election, but lacking the financial resources to build out a more robust internal IT staff, the North Carolina State Board of Elections last year hired a third-party vendor to provide the functions of a chief information security officer as a service, rather than an individual official.

The CISO-as-a-service model, which was implemented July 2019, has allowed the board to increase its network intrusion monitoring and risk assessment functions, and made it easier for state officials to know what information security investments to make, according Torry Crass, a cybersecurity adviser at Woodstar Labs, NCSBE’s vendor. The program, he said, is to provide the board with advice and guidance on how to improve its cyber defenses ahead of an election that U.S. Intelligence Community has warned is being targeted by nation-state actors.

“We’re helping them to improve their cybersecurity program overall,” Crass said. “Not just implementing a single piece of technology. There’s also the aspect around their program itself and building that out and keeping up with the threat landscape.”

But some of the technology Woodstar’s team has helped the NCSBE implement is now familiar in the election-security space, including Zeek, a network-security monitoring software that analyzes inbound web traffic to the board’s servers, and Corelight, a physical monitoring device.

The purpose is to protect both North Carolina’s voter registration database and reported vote totals once they’re entered into a computer, said Sean Maybee, the deputy director of cybersecurity programs for Woodstar’s parent company, Associated Universities, Inc.

“We’re helping with the perception of the election by securing the network,” he said. “With network behavioral analysis, we’re collecting all this metadata and we can get to what’s happening with the vote data once it gets digitized.”

In providing a CISO-as-a-service function, Woodstar also acts as a liaison between the NCSBE and its federal and nonprofit partners like the Cybersecurity and Infrastructure Security Agency and the Election Infrastructure Information Sharing and Analysis Center, Maybee added.

North Carolina uses a combination of hand-marked paper ballots and touchscreen devices that produce printed receipts fed into optical scanners. None of the voting machines are connected to the internet, but the board still manages a voter registration database and a website where unofficial results are reported on election nights, as do the state’s 100 counties. Both voter files and results websites have been repeatedly cited by federal cybersecurity officials as targets for threats like ransomware, with the potential for creating chaos at the polls in the event of a successful attack.

“It’s so prevalent all the time now. It does pose a threat essentially to everybody,” Crass said. “We want to take steps and develop policies with the State Board of Elections and its partner agencies.”

North Carolina officials did not respond to questions about Woodstar Labs’ role as the elections board’s cybersecurity functionary, but both Maybee and Crass, who is based in Charlotte, said hiring a vendor to be a CISO-as-a-service is a sign of organizational maturity.

“It brings a team to a table,” Crass said. “There’s a team that allows different industry experiences to come together and compare notes to give NC the best information possible for what a path forward in any given situation is, rather than have to pay for two, three, four people at those salary points.”

Article by StateScoop’s Benjamin Freed.

In Other News…

AUI and Accumen Partner to Increase Crisis Resilience to Natural and Manmade Disasters for Healthcare Sector

AUI and Accumen, Inc. announced they are partnering to provide services to improve crisis resilience to manmade and natural disasters for the healthcare sector at a historically challenging time.

New Scholarship Established by the AUI Board of Trustees

AUI and the National Radio Astronomy Observatory (NRAO) today announced the establishment of the AUI Board of Trustees NAC Bridge Scholarship Award.

2021 Jansky Lectureship Awarded to Mexican Astronomer

Associated Universities, Inc. (AUI) and the National Radio Astronomy Observatory (NRAO) have awarded the 2021 Karl G. Jansky Lectureship to Professor Luis F. Rodriguez of the National University of Mexico (UNAM).

Pride Month Statement

Pride Month is a time for celebration of LGBTQIA+ communities in commemoration of the Stonewall Uprising of 1969. At AUI, we celebrate an environment that is safe and welcoming to all, and the strength that our diversity brings us.

Cyber Expert Wins FBI Community Leadership Award

Robert R. Wells, special agent in charge of the Charlotte Division of the FBI has chosen a local cyber expert as the 2020 Director’s Community Leadership Award (DCLA) recipient for North Carolina. Torry Crass has been an invaluable partner to the FBI Charlotte field office since 2013.

2021 AUI Scholarship Recipients

Below are the fourteen winners of the 2021 AUI Scholarship conducted by International Scholarship and Tuition Services, Inc. These students will each receive an award of $3,500 per year to aid in defraying expenses at the college or university of their choice.

ITL Development Director: “We are convinced that our proposal is solid and meets all the requirements”

In an interview with Nueva Mining and Energy Magazine, Ricardo Raineri, Director of Development of the Chilean Institute of Clean Technologies (ITL) refers to the criticism that has hovered over Corfo’s decision, arguing that “it is essential to understand and emphasize that our proposal is based on an open platform model ”.

West Virginia Students Contact International Space Station LIVE

Friday, May 7th at 8:00 AM EDT, students in rural West Virginia will experience this once in a lifetime opportunity. Green Bank Elementary-Middle School (GBEMS) will be contacting astronaut Mark Vande Hei on the International Space Station (ISS).

The Universe just Became More Accessible: Free Software for Exploring the Universe Through Sound

Today free software has been released to help the blind and visually impaired (BIV) explore the universe through sound. With the support from the National Science Foundation’s STEM+C program, Innovators Developing Accessible Tools for Astronomy (IDATA) brought together nearly 200 BIV and sighted students, teachers, astronomers and programmers from across the Nation to create this innovative software called Afterglow Access.

Nueva Mineria covers the importance of ICTL’s Open Science model pioneered by AUI

The ICTL is a Chilean clean technology institute that is committed to developing innovations in the mining, power, battery, manufacturing, and related industrial sectors. The Open Science model allows a larger community to access R&D facilities based on the merit of their proposals.

You are now leaving AUI

You will be redirected to the related partnering organization's website.

You will be redirected to
in 4 seconds...

Click the link above to continue or CANCEL