HARTFORD – Connecticut Secretary of State Denise Merrill awarded the Connecticut National Guard Joint Cyber Response Team the National Association of Secretaries of State Medallion May 12, 2021, for its work in fortifying cybersecurity efforts ahead of the 2020 presidential election.
This was a first-of-its-kind mission for the team of Army and Air Force information technology professionals. The team was tasked with offering assistance to the state’s 169 municipalities with reviewing their election infrastructure to identify and mitigate any possible gaps in their cybersecurity.
“This mission gave the Connecticut National Guard an opportunity to help meet a need in our state, provide a tremendously valuable service, and continue to make an impact in the communities we serve,” said Maj. Gen. Francis Evon, adjutant general for the Connecticut National Guard. “The Joint Cyber Response Team again proved to be a rich, value-added, capability for Connecticut, employing IT professionals on a part-time, as needed basis, to tackle some of the most pressing cybersecurity challenges we face.”
The threat of malicious outside actors manipulating the United States’ election process was a central topic going into the 2020 presidential election, so the office of the Connecticut Secretary of State reached out for the National Guard’s assistance, in a state active duty status, earlier that year. A successful cyberattack could have led to interrupted connection to the Connecticut Voter Registration System (CVRS) or the manipulation of records, severely impacting the legitimacy of the election.
"America faces serious challenges in preparing for the 2020 election and nothing is more important to the functioning of our democracy than ensuring that Connecticut citizens are able to vote freely and safely without the threat of foreign interference," said Secretary Merrill in a press release dated June 12, 2020. "In Connecticut, every valid vote cast will be a vote counted. This partnership [with the National Guard] will give local election officials the resources they need to protect their election infrastructure from cyberattack."
Starting in May, the Joint Cyber Response Team coordinated with each of the municipalities to foster participation in the program.
Once a municipality opted into receiving assistance, it completed a Cyber Resilience Review (CRR): a no-cost, voluntary self-assessment checklist developed to function as a non-technical evaluation of operational resilience and cybersecurity practices. The cyber team then used that CRR to conduct on-site inspections to answer questions, provide technical guidance, and give tailored recommendations to each town on how it could improve its cyber posture.
When developing its reports for the municipalities, the team focused on two main areas of interest: physical infrastructure – tabulators, memory cards, etc. – and cyber infrastructure – connection to the CVRS. The reports offered the municipality high-payoff solutions for any deficiencies found which could be implemented in time for the election, as well as long-term solutions for the future.