The University of West Florida’s Center for Cybersecurity has added election security to the training topics that it offers Florida state- and county-level cybersecurity personnel.
The partnership between the university and the state, which began in March as a way to augment state government’s general cybersecurity training curriculum, has been expanded to county election supervisors and county-level IT and security staff, Eman El-Sheikh, the Center’s director, told StateScoop. The election security training, which began in June, is comprised of the Center’s “ Cybersecurity for All ” curriculum and operations based out of the Florida Cyber Range, which is the Center’s multi-use cybersecurity range open to academia, industry and Florida state government entities.
Election supervisors, IT staff and officials from Florida’s Department of State sat in on the June training sessions, which covered a range of topics from why cybersecurity is important and its potential impact on election systems to identifying and remedying different types of threats, including malware, phishing, web-based attacks and denial-of-service attacks.
“We also talked about the impact of cybersecurity lapses — how that affects their information, facilities, their access controls, their data. Throughout the course, it was a two-way conversation, because part of it is learning about how that affects the elections infrastructure, voting systems, and how each county needs to respond differently,” El-Sheikh said.
All Florida counties were invited to participate in the training, and the sessions served as a convening and information sharing space as well, El-Sheikh said. Officials were shown how a specific form of attack, such as a phishing attempt, might appear on their computer screen or harm their systems, and walked through dealing with it both conceptually and practically using the cyber range.
Bill Cowles, elections supervisor for Orange County, said in a university press release that the hands-on exercises have been a great way to prepare for the coming election.
“The course guided us through an analysis of our cybersecurity defenses and provided tools for implementing a layered defense consistent with recommendations in the National Institute of Standards and Technology Cybersecurity Framework,” Cowles said. “The opportunity to exchange information and ideas in this setting is invaluable.”
El-Sheikh told StateScoop that while the initial March training sessions focused on hands-on, fundamental practice, the June sessions with the Department of State were more in-depth on specific topics — which are likely to change over time as new threats and technologies emerge.
El-Sheikh said she frequently works with the state’s technology department, the Agency for State Technology, to ensure the topics included in the curriculum are relevant to the jobs in the state government.
“As we go through the training, we get feedback from them on how we can refine these for future uses, because the goal is to keep this as an ongoing partnership and what new topics are they seeing that are relevant for enhancing state cybersecurity resilience,” she said.
In an interview with StateScoop, Florida’s state chief information officer, Eric Larson, echoed the need for his state to maintain a university-style “iteratively progressing” training plan that offers multiple pathways for cybersecurity professionals in government.
The Department of Homeland Security announced last year that election systems in 21 states — including Florida — were probed by Russian hackers, and a popular Florida-based election technology vendor called VR Systems was also among the businesses targeted .
David Stafford, the elections supervisor for Escambia County and a co-chair of the National Association of Election Officials’ legislative committee, said in a press release that he’s seen “a massive increase in cybersecurity awareness among election officials across the country, along with efforts to increase preparedness and resiliency.” The Center for Cybersecurity, he said, is uniquely positioned to help meet that demand in Florida.
Thomas Vaughn, Florida’s chief information security officer said the state “will continue to work with UWF as long as we get the proper training with state personnel, which is going really well so far. The intent is to modify the subject matter and content based on the current needs.”
The state recently secured its $19.2 million share of federal election security funding after a messy, two-month long application process — but officials like Florida Secretary of State Ken Detzner say things are improving. In a press statement published by the university last month he said that “state and local election officials have taken significant steps to protect against the growing threat of cybercrime ahead of the 2018 elections.”
Correction: An earlier version of this story incorrectly referred to the Center for Cybersecurity’s Eman El-Sheikh as “he.” El-Sheikh is a woman.