Election officials throughout the country, armed with cyber-trooper support from Washington, went on the offensive this year and staved off significant cyber penetration of the election process.
Speaker 1: On behalf of FedInsider and Carahsoft, we would like to welcome you to today's podcast focused around election security, protecting the foundation of our democracy, where our panel of election security experts will discuss the challenges, successes, and lessons learned from the 2020 election.
John Breeden: And hello everybody. And thank you for joining us today. I'm John Breeden, and I will be moderating what I know will be a lively and interesting discussion about our election processes and the various threats that were raised against this foundation of our democracy during the recent election.
Prior to the 2020 election, FedInsider hosted a series of three webinars on election security. During those programs, which are all available now in the archives for streaming, experts talked about the various threats and potential problems that they anticipated would happen as the election was drawing near. And some of the ways that they plan to mitigate those threats and protect this critical process.
Some of those guests are back today for our post-election show. And we also have a couple of new panelists with unique views about the recent election. They will all be talking about what went right during this election, what they learned and how we can work to ensure that future elections are also kept safe and protected.
Because of having such a large and esteemed group of speakers on the show today, it will run for 90 minutes instead of the normal 60. This is a critical topic, but no worries because we have seven highly experienced experts to break it all down for us. So let me welcome each one of them and then we can get started.
First off, I wanted to welcome Justin Herring is the Executive Deputy Superintendent of the New York Department of Financial Services. Welcome back to the forum today, Mr. Herring.
Justin Herring: Thank you. Thank you. It's a pleasure to be here.
John Breeden: Great. And let me also welcome the Supervisor of Elections for Okaloosa County, Florida, Paul Lux. Paul, welcome back to the show today.
Paul Lux: Hey, thanks for having me. Glad to be back.
John Breeden: Excellent. And we are also pleased to welcome Justin Bernardino. He is the Operations Manager for the Orange County Registrar of Voters. Mr. Bernardino, it is an honor to have you joining us again today.
Justin Bernardino: Thank you. Happy to be here.
John Breeden: We are also pleased that Commissioner Ben Hovland, the Chairman of the U.S. Election Assistance Commission is joining us again today. Ben, it's an honor to have you joining us once more for this very important discussion.
Ben Hovland: Thanks, John. Great to be back.
John Breeden: Great. And that takes care of the introductions to our veterans, but we also have three new guests joining us today. The first is Geoff Hale. He is the Director of the Election security Initiative at the Cybersecurity and Infrastructure Security Agencies, National Risk Management Center. Welcome to the show today, Geoff.
Geoff Hale: Thank you. Good to be here.
John Breeden: And our other brand new guest is Lewis Robinson. He is the Vice President of Elections Operations at the Center for Internet Security. It's a pleasure to have you with us today, Lewis.
Lewis Robinson:Thank you, John. It's a pleasure to be here. I appreciate the time to be on this panel with the other members.
John Breeden: Well, we're really glad to have you here. And our industry represented today is the Chief Security Officer for Okta, Sean Frazier. Sean, thank you for joining us today.
Sean Frazier: Thank you very much, John. It's great to be here and it's Okta, not like okra, but Okta.
John Breeden: Okta. Got you. No problem.
Sean Frazier: No worries. Thank you, my friend.
John Breeden: Excellent. So we have some great questions about the cybersecurity threats that you all faced this year, as well as some of the unique challenges that the 2020 election brought. But we have such a steamed panelists. I wanted to remind our audience about some of our guests experiences and the organizations they represent.
So I want to give a little bit of time to each one of our panelists, just to talk about who they are and what they did during the recent election. And then we can get into the meat of the presentation.
So Mr. Herring, let's start with you. Can you tell us a little bit about what you do as the Executive Deputy Superintendent of the Department of Financial Services for the great State of New York, where you also lead the newly created cybersecurity division? Can you tell us a little bit about what you do there and the size of the constituency that you serve?
Justin Herring: Certainly. Yeah, thanks John. And I think you've already kicked it off there. I think the Department of Financial Services or DFS is New York state's financial services industry regulator. So that covers parts of the industry like banking companies, insurance companies, money transmitters, cryptocurrency companies and others.
Our responsibility is to ensure the safety and soundness of the financial services industry and protect consumers. We regulate over 3,000 institutions that have a combined assets of more than $7 trillion. We see cyber security is the biggest threat to the financial services industry. And we are proud to have been a leader in cybersecurity standards for the industry.
Our cybersecurities regulation for the financial services industry in New York. And we adopted it in 2017 was the first of its kind. And we're proud that it's become a model for other regulators like the FTC and the NAIC. The cybersecurity division at DFS was established in 2019.
When I joined DFS to serve as the first head of the cybersecurity division after having been a cyber crimes prosecutor in the New Jersey and Maryland, U.S. Attorney's office, cybersecurity division, but really devoted to raising the bar for cybersecurity across the financial services industry and handle regulatory guidance, cyber incident reporting and response and enforcement actions.
Now as a New York state official, I also work with my colleagues across the state government and beyond on cyber issues that have an impact on New York, its government, as well as its citizens and consumers. And election security has been a big priority for the state for a number of years now. And the state has taken an all hands interagency approach brought together expertise and resources from different sources.
So although my department, the Department of Financial Services does not have a formal role in the New York state government's handling of elections as part of that cross state efforts and focus on election security. I've been working on election security issues with my colleagues across the state since I first joined the state government in 2019.
John Breeden: Great. Well thank you Mr. Herring, and I'm sure we'll be hearing a lot more from you as the show proceeds. Paul, we learned from you during the previous show that Okaloosa County is an absolutely beautiful place right along the Gulf coast of Florida. And you also have 180,000 residents who live there, so it's not a tiny population. Can you tell us a little bit about what you do as the Supervisor of Elections and the ways that your constituents normally vote there?
Paul Lux: Certainly. So here in Florida, every one of our counties has a supervisor of elections. The vast majority of us are elected not appointed. And we get to run in the year of the president. So for some of us, we also had to juggle our own political campaigns in addition to trying to manage all of the elections and COVID and everything else.
But each supervisor of elections is responsible for everything to do with the election soup, to nuts for any local state or federal election. So all of the voter registration, all of the ballot layout and design, the delivery, the tabulation, the reporting, the auditing, all of that falls under the umbrella of each one of us individual supervisors in this 67 counties.
As we saw like everybody else, we typically not quite a third here in my County. People voting some by early voting, some by mail and some on election day, we typically tended to have a slightly lower turnout for vote by mail and a slightly higher turnout for election day. And of course, COVID-19 considerations, which I know we're going to talk about later certainly changed that picture.
We ended up with an additional 15,000 people voting by mail this time around an extra 10,000 who attended early voting, which gave them the opportunity to space things out over a couple of weeks before the election and our election day turnout was actually so severely reduced. My poll workers were a little terrified of what was going on because they had never had a presidential election year that was so slow.
John Breeden: Amazing. Well, thank you, Paul, we'll learn a little bit more about some of the things you mentioned in the show in just a bit. Mr. Bernardino, you are the Operations Manager for the Registrar of Voters in Orange County, California, the sixth largest County in the United States with a population larger than 21 U.S. states. In a previous show, you talked about the complex election issues in your county. Can you refresh our memory about that as well as talk a little bit about your job responsibilities there in Orange County?
Justin Bernardino: Yeah. So we're a complex in size, as you mentioned, we are up to 1.8 million registered voters. We're also complex in the sense that we do our own printing and mailing. So if you think about the 1.8 million voters, we have to print their ballots, we print their voter information guides, we handle all the mailing.
In addition to that, we've had a lot of attention from parties and the media because our county's demographics have been becoming more. There's been more and more parody to our demographics and the party registrations are pretty much split. In 2018, some congressional seats flipped that were the same party for ever as long as anyone can remember. And then some of those flipped back in 2020 so we get a lot of that attention.
Additionally, my responsibilities includes the operations of all those things. We mentioned the mailings, the voting, the technical side, voter services, printing and all the elections operations.
John Breeden: Excellent. Well, thank you, Justin, for that overview of what is, must be a complex operation with a very big county. Ben, welcome back to the show to you. If some of our audience does not remember, the Election Assistance Commission is an independent agency of the federal government that was created by the help America Vote Act of 2002. Can you tell us a little bit about what your agency does and your role as its chairman and as a commissioner?
Ben Hovland: Thanks, John. Yeah, I know a lot of a number of people may not be that familiar with the Election Assistance Commission or EAC. As you mentioned, we were created by the Help America Vote Act of 2002, which was basically Congress's response to the 2000 election. That legislation created the EAC as a bipartisan independent agency with a number of responsibilities, including the testing and certification of voting equipment. We distribute grant money from Congress to the states for election issues.
In 2020, we distributed over $800 million to the states with about 425 million of that being for election security. And then another 400 million of that being related to the Cares Act for money to respond to the COVID-19 pandemic. And we serve as a national clearing house on best practices in election administration which also includes conducting the election administration and voting survey or EAVS which I'll talk about a little bit more later, but it's the only national survey of its kind that looks at how Americans are getting registered and voting.
John Breeden: Great. Well, thank you for that overview, and I'm sure we'll hear a lot more from you moving forward. Geoff Hale leads the Election Security Initiative at the Cybersecurity and Infrastructure Security Agency, which most people just call CISA. He works at the National Risk Management Center.
Geoff you've been involved in CISA's election security mission since 2016. Can you tell us a little bit about that mission and CISA's key activities in this mission space? And who you work for and who you work with in support of that mission?
Geoff Hale: Thanks, John. Thanks again for having me. That's all correct. We got involved DFS designated election infrastructure as critical infrastructure back in 2017 largely in recognition of the importance of the integrity of those systems and the threats that they may face. Since that time CISA has made election security a top priority. Our job is really to work closely with election officials and vendors to help support them in managing the risks to their system. That's kind of why we sit in the National Risk Management Center.
To do that, we coordinate providing clearances and access to threat intelligence. We have no costs, cybersecurity services, physical security assessments to get planning, risk mitigation guidance, training, and exercises. We partner with a lot of the people on this call and in order to provide the information necessary for our election stakeholders to make the most informed risk management decisions as possible.
John Breeden: Makes sense. Thank you, Geoff. Lewis Robinson is the Vice President of Elections Operations at the Center for Internet Security. He is responsible for advancing the mission of CIS' Elections Infrastructure Information Sharing and Analysis Center.
And has a deep history in cybersecurity where he has supervised cyber crime investigations, cyber incident response, digital forensics, and initiatives that mitigated the risk of cyber attacks against critical infrastructures. Lewis, can you tell us a little bit about that and what the Center for Internet Security does and also what was its role in the recent election?
Lewis Robinson: Thanks again, John, for the intro. Many participants may be familiar with CIS, but for those who don't, CIS is an independent and trusted nonprofit cybersecurity partner of public and private organizations around the world. Our best practices are complimented by the threat intelligence from our security operation center through the heart of the CIS mission, and that SOC supports the Multi-State Information Sharing and Analysis Center, our MS-ISAC, and the Elections Infrastructure Information Sharing and Analysis Center, EI-ISAC.
CIS and ultimately the EI-ISAC role was born out in the 2016 general election and the aftermath. DHS, NASS, NASS-ED, the EAC, as well as local election organizations with CIS discuss the possibility of creating an ISAC, devoted solely to the nation's elections infrastructure.
So in 2017, DHS agreed to conduct a pilot elections ISAC with seven states. That pilot proved successful and in 2018, DHS and the Election Infrastructure Subsector Government Coordinating Council, quite a mouthful there tells CIS to stand up the elections infrastructure ISAC. Thanks to leveraging the services offered and experiences gained through the MS-ISAC.
The EI-ISAC we've become fully operational with all 50 states and DC participating in the ISAC. We currently have 2,900 total members, including the election vendor community. We provide the election officials and their technical teams with regular updates on cyber threats, cyber event analysis, cyber education materials, and support their very important task of conducting elections.
John Breeden: Thank you, Lewis. That was a great story. I look forward to hearing more about it a little bit more into the show. Sean, you are the CSO for Okta, and you have worked in cybersecurity in the private and public sector for over 20 years, including projects in the DOD, intelligence community and civilian agencies, including DHS, DISA and many others. Can you tell us a little bit about what you do now for Okta and your experience and interest in election security specifically?
Sean Frazier: Sure, absolutely. So I work in the security organization at Okta where I'm primarily focused on our public sector business and our public sector practice. And in Okta, I'm sure everyone knows what we're a modernized identity provider in the cloud. So we're focused on two things I'm very passionate about and have been for many years. And by virtue of the fact, you can't see me, you can't see my gray beard, but that's proof I've been doing this for a long time, but we're focused on modernization and we're also focused on security.
And those two things in my view go hand in hand. So that's an area where we spend a lot of time thinking about this. And from an election perspective, you I think one of the things that most people focus on when they focus on election security, they focus on voting devices and people voting. And as everyone on this call knows there's a whole lot of infrastructure around that people will necessarily think about.
So we're very passionate about making sure that we're helping our partners protect the election integrity from the holistic sense from kind of the enterprise sense. And then the other piece of it is I'm a little bit of a civics nerd. So I pay attention to these kinds of things. And I've cared deeply about our elections as a citizen.
John Breeden: There's nothing wrong with being a civics nerd. I think we should all be a little bit more like that. So thank you, Sean. And actually thank you to all of our guests for this great overviews and insights about what they do and what their organizations do.
During the show today, I want to talk about some of the kinds of threats and challenges that were overcome leading up to the 2020 election. The lessons learned for future elections as well, but first I think I should probably point out that it seems like the election went very smoothly, despite a lot of valid concerns before the election that we talked about in our previous shows, there didn't seem to be any major security breaches and no major outside of the typical things associated with hosting what is essentially a very large nationwide event.
So I'd like to start with a couple of questions for the four of our guests who are coming to us from previous shows to see how closely reality was compared with some of their predictions. Mr. Bernardino, let's start with you on this one. During a previous show, you mentioned that you had been involved in election security since the punch card days.
So you have seen a lot of threats to our elections evolve over time. How does the 2020 election compared with previous elections that you have been involved with in terms of the security threats and disruptions? It almost seemed like nationwide, 2020 went more smoothly than in 2016. What was your experience this year in Orange County, California?
Justin Bernardino: The elections of 2016 they ran smoothly. However, 2020 was exceptional in that it went smoothly under so many new challenges and circumstances and some of which we had no history to draw upon. There was operating the election under COVID. There was the largest turnout in history, at least in Orange County. We had over 1.5 million ballots. The scrutiny was unprecedented. With all those factors, it was almost surprisingly smooth.
And that also translated for security threats and disruptions. I believe the preparation lessons learned, but especially the partnerships that were developed since 2016 helped tremendously. So I think that was a big difference. Again, it's comparing a little bit of apples and oranges just because 2020 had so much more complexity to it, but 2016 didn't have the critical infrastructure label that we've had and been able to utilize since 2017. And that really, I think was one of the largest factors in having a smooth election cycle security wise.
John Breeden: Excellent. Well, thank you. Paul, during a previous show, you joked that no matter who won or what happened in Okaloosa County, that you were sure that you were going to get sued. I know that you were joking, but of course the reason it was so funny was because people take elections so very seriously. So now that it's over, I can ask you, how did things go overall in Okaloosa County and how were things compared with the previous elections there?
Paul Lux: Well, certainly, there were a lot less lawsuits this time than there were in 2016 and certainly in 2018. I don't know whether it just means that the lawyers were tired of earning money or that there was too many other considerations on the table, but there were a whole lot less lawsuits, but of course this year, Florida delivered a performance that sheds us of the mantle that we've been carrying around since 2000.
And all of that has to do with the preparations and all of the flexibility we were given, our governor, the executive orders out of the executive branch here, the money from the EAC, all of those things had a tremendous impact on our ability to deliver a safe and secure elections. And everything went very, very smoothly so much so that it was like I said, on election day, it was really eerie because... I'm going to say almost 60% of my population had voted before election day.
And my poll workers, they were busy, but they were nowhere near as busy as they normally are during an election day. And then of course, we didn't have any recounts to speak of in Florida. Certainly, not on a statewide level, like we had three in 2018. And so all of those things really, really reduced the number of potential lawsuits.
We still got buried under a flood of public records requests of course, but so many of us in this sector ended up with that anyway. So overall on the balance sheet for all of the adversity, a lot of the things Justin mentioned, problems finding poll workers., problems finding polling places in some of our jurisdictions here in Florida, everything went amazingly well, given the constantly changing landscape we were operating under for all three of our elections last year.
John Breeden: Excellent. Well, thank you, Paul. And it's good to hear. Mr. Herring prior to the election, you were really putting a lot of work into making sure that New York did not have its election disrupted either by things like cybersecurity threats or elements like outside disinformation campaigns. With the 2020 election now a part of history, can you tell us how everything went overall in New York? And were you pleased with the way the election process worked for you in New York during 2020?
Justin Herring: I'm sure. So like Justin and Paul, I think the short answer is we are happy about how the election went in New York. I think overall there are certainly challenges and those challenges range from the pandemic to actually changes in the way that New York voting handles and the introduction of an early voting period that happened before the pandemic, but this is the first presidential election where we have that.
So there were a variety of challenges from logistics to the pandemic, and of course, the cyber security element. But ultimately, we do think we achieved our goal of having a safe and fair election that gave New Yorkers the confidence in the integrity of the process and the results. I think that as far as the cybersecurity challenges go, I think it's the nature of a field like cyber security, right? That no news is the best news. And success ends up looking fairly quiet.
We did face one significant cybersecurity incident during the early voting period, but I think a lot of our preparation and planning and pre-election coordination that we had done really facilitated us in handling that in a way that ultimately did not disrupt the election. So, like I said, it was certainly an election with lots of challenges, but we are pleased with how it went.
John Breeden: Thank you, Mr. Herring. Ben, the Election Assistance Commission was responsible for helping out elections officials, as well as state and local governments across the country in 2020 in an effort to keep their election safe, accurate, and secure, also accessible. Were you able to help everyone who needed it for the recent election? It sounds like from our elections officials, this was a crazy year in terms of a lot of challenges. So how big of an effort was that in 2020? And again, were you able to help everyone who reached out to you?
Ben Hovland: Yeah, well, we certainly tried. We're a small agency with a big mission and I'm extremely proud of the work that we did this year and our team for all the effort. The decentralized nature of elections in the United States makes the federal role more of a support role in helping bring people together, providing the support that we can to election officials who are doing the hard work. And so a few things stand out for me this year that were particularly important.
First, I mentioned the $825 million we distributed from Congress. That was a big deal. We were able to get it out pretty quickly. The last 400 was the Cares Act, Congress gave us 30 days to do that. And we were able to meet that deadline so that was important. Additionally, a few people have mentioned critical infrastructure and the critical infrastructure designation and the governance structure that came out of that.
We were able to participate in a joint COVID working group that provided a number of valuable resources for state and local election officials, as they were looking to increase their amount of mail and absentee voting as they were looking to make polling places as safe as possible. So again, we're happy to participate in that.
We also worked with the Center for Tech and Civic Life to make a series of tailored cybersecurity trainings available to election officials across the country at no cost to them. And finally, one thing I was particularly pleased with the success of, with our national poll worker recruitment day effort. I believe this really made a difference in raising awareness about the need for poll workers, and ultimately we saw a new generation of Americans step up and serve this year.
John Breeden: Great. Sounds really good. Ben, thank you. It's excellent to hear from all of you about how everything went well overall in 2020. I want to talk about some of the specific threats that were overcome and ultimately dealt with by all of our guests today. But first, I wanted to maybe hear from each of you, what you think was the greatest challenge during the 2020 election.
And Geoff is one of our new panelists. Let's start with you on this one. What were some of the challenges that you insist have faced this election cycle and how were these addressed? And if you can, how are these challenges different from previous elections?
Geoff Hale: Thank you. That's a great question. There were certainly expected challenges of malicious cyber activity. We've made a big effort on ransomware. We saw a nation state activity, like the voter data used by Iranian cyber actors to undermine the perceived integrity of the election. There was other disinformation and misinformation. We worked to help mitigate those through again, providing cybersecurity services, guidance, outreach to more than 7,000 counties and jurisdictions, a lot of joint products with the FBI with EAC.
But the biggest challenge is... I mean the elephant in the room is the response to coronavirus and how that change drew down on election officials, most valuable resource, that being time. I actually think Commissioner Hovland being modest. We'd shared a joint working group that together we were able to do things like convene the CDC and the postal service to really allow election officials to ask direct questions of these, to understand what changes they may need to manage the risk of the virus for their staff and for the public.
And we were able to produce guidance documents to help inform the decision-making that they were going through at the time either to expand early voting, take safeguards for in-person voting or to move to expanded absentee voting by mail. So we were very pleased with the outcome, seeing an election season with few events, but obviously there was a lot of work to help support election officials and the vendor communities.
John Breeden: Okay. Thank you, Jeff. And Lewis, welcome to you to the panel for the very first time. I know you've only been with the Center for Internet Security's Election Infrastructure since September, which must have been a great time to get up to speed with a new job, but you have almost a 30-year history with cybersecurity through the secret service. In terms of the election, what did you see as the some of the biggest challenges and were you able to help overcome them?
Lewis Robinson:Thanks again, John. I think the biggest challenge was improving cybersecurity for the election officers. Again, after 2016, a lot of focus on improving the cybersecurity of elections across the country so I think if we look over the last four years where we were at and where we are today, that a significant progress has been made in that regard.
In many States have been helping their local election offices to assess and improve their cybersecurity. And our role in the EI-ISAC, we're helping them meet that challenge of addressing these cybersecurity gaps that they have, and we've deployed extensively our Albert network of monitoring sensors to election official offices.
We've also made a lot of headway in getting our end point detection service out to election officials. And John, as you mentioned in the lead up to the question, coming on board at the end of September, it was a very intense OJT over those four or five weeks.
But I can say that one thing that I've observed in the weeks leading up to the election was the partnerships and how key they were. These partnerships again, between the election officials and their staff. You had Mr. Hovland and Mr. Hale from CISA board, how important the partnership with our organizations were and how important the partnership of the ISAC is. I mean, those partnerships were key in overcoming the many challenges to secure the election.
One thing that, to put these tools and things in place, but if you don't have the strong partnerships as well to get that done across the board, it certainly makes that difficult. I take that away or take that as one of the key takeaways in that short period of time was those partnerships and how key they were and how important they're going to be going forward.
John Breeden: Excellent. Thank you. Mr. Herring, New York faced a lot of threats and disruptions this year. You mentioned one in your previous answer to your question, but for example, one of your counties was hit with a ransomware attack that actually knocked the voter registration page offline for a little while. I want to ask you how you overcame specifically that particular setback, but also, were there any other unexpected challenges that your state faced this year during the election or the run-up to the election?
Justin Herring: Sure, John. Obviously, when you say unexpected challenges in 2020, the first thing that jumps to mind is the pandemic. And I know some of my co-panelists have already talked about those challenges, but I'll just take a moment to focus on cybersecurity, especially since you asked about the ransomware attack.
We did have a ransomware attack in Shenango County during the early voting period. It started in late October. We've no reason to think that it was election related or that the attackers cared about the election, but it did disrupt the county government, including some of the systems that were supporting the elections.
And around the same time, two other healthcare entities in the state there were supported by the state were also hit by ransomware attacks. Those entities have nothing to do with the election, but in combination, those did put a strain on New York state's incident response resources.
That said, I think that a lot of the preparation that we'd done and a lot of the coordination that be done, and the partnerships that we built to echo Lewis's point about the importance of the partnerships, put us in a position to address those challenges. And in particularly in Django County, we're fortunate in New York, we built a paper ballot backup trail system. The polling places remained opened. The voters were able to vote and the votes were counted.
And ultimately I think it was success as far as our incident response and our election continuity procedures. The website was knocked off and I think it was actually not the voter registration page, but the absentee ballot request page was knocked offline for, I think it was a few days, but every New York voter was mailed, also mailed an application as well. And many people had if put in a position to request those ballots beforehand. So we're confident that everyone could wanted to vote was able to do so.
John Breeden: That sounds great. Paul, during the previous show, you mentioned that some of the voter information in your state had been hacked, although it did not specifically affect Okaloosa County. And most of the information obtained by the hack is actually publicly available in Florida anyway. So the hackers probably could have just called and asked for it, but did that end up being the biggest problem for you protecting that voter identity or were there other things that ultimately gave you more trouble and how were you able to overcome those challenges there in Florida?
Paul Lux: Certainly, there was a big headline from the general election timeframe, specifically about the misuse of public voter information. And we anticipate there will be some moves to address this legislatively, this session in Tallahassee. But if you didn't hear the story, somebody actually took the publicly available information on our governor and moved him from his current jurisdiction where he voted into another jurisdiction.
And something that we've been trying to warn people about for a long time. So certainly that is going to come to a head, although we do not see a whole lot of panic about those instances more so than people were worried about as everybody certainly knows by now all of the things that COVID brought to us.
So in addition to having to find ways to make sure we were doing what we could to protect the public, when they came to vote doing what we could to protect our poll workers, I was fortunate to not lose a lot of polling places, but I know many of my counterparts across Florida lost quite a number of polling places because they used to use day rooms and stuff like that in nursing homes and being ejected from all of those places, made things a little tight for a lot of people.
Poll worker recruitment was a big deal. Our governor actually issued an order offering any state employee, two full days of pay plus whatever poll worker pay we were paying to get them to be poll workers. And I know a lot of people were able to take advantage of that.
I did not have as many state employees as I would've liked volunteer, but thankfully my Sheriff's office, my board of County commissioners, my clerk of Circuit Court, all three of those folks sent a lot of their employees, my way to bolster our poll worker numbers and help us get through both the August primary and the November general election, which was probably one of our biggest challenges.
And I know we're going to talk about it later, but of course COVID hit my office at one of the absolute worst times. And I know I'll talk more about that when we get a little further down. Suffice it to say that most of the challenges were COVID related in going all the way back to our March presidential preference primary when things were just starting to lock down scrambling to find any sort of hand sanitizer or other things.
And then of course, all of the preparation with all of the Cares Act money, federal grants and state grants and all of our partners at the state and federal level to just really help us pull it all together and make sure that we were aware of what resources were there to help us made things work as well as they did.
John Breeden: Excellent. Thank you, Paul. Mr. Bernardino, now that the election is over, you can add to your vast experience in election security. In Orange County this year, what ended up being the biggest challenge for you in terms of the election or election security and how was it overcome there in Orange County?
Justin Bernardino: I think the biggest challenge is actually the human part of election security. We were lucky and that we had support and resources to address the technical security end of things. But the human endeavor was definitely a challenge because we have our employees, you have those center workers in the field, they're seasonal and they have to be prepared to deal with security issues.
But in addition to that, they had to be ready to deal with extra scrutiny coming from observers. They had to be ready to deal with difficult situations. There was a lot of people creating challenges in the field, and we had a good response structure in place where people from our office will go and deal with it, but making sure that people were obviously observing security, but able to deal with those extra situations caused by all the observation and scrutiny.
So they also had to know that there is an increase in people looking to expose or misinterpret every little thing that is happening. And they had to be prepared with that. And the way that we dealt with it and prepared with it is increased in constant training, tabletop exercises, run throughs, but every meeting, every training security had to be an integral part of that. And it just, we had to weave it into every part of our training, every meeting, every conversation that we had with everybody involved in the election.
John Breeden: A lot of preparation. It sounds like it paid off for you. Ben, as we mentioned before, and as some of our guests have mentioned, the Election Assistance Commission is responsible for supporting election officials across the entire country. I'm just curious, now that the election is over, do you follow up with them afterwards to see how everything went?
Of everyone that you had contact with during the election, did they talk to you about what was the chief problem or a threat that they ended up dealing with and did you make sure that everything that you did help them to run a smooth election?
Ben Hovland: Yeah, thanks for that, John. After every election at the EAC, we conduct the election administration and voting survey that I mentioned, and that really gives us facts and data about how the election was run in every state and territory around the country.
Additionally, this year we're in the process of following up with lessons learned efforts we're going to ultimately put out a report on the 2020 election, which will hopefully take a lot of these lessons learned, take the things that work, take some of the things that didn't and put that out there. There were so many resources this year that we want to try to capture as part of our clearing house function.
But as far as the chief problem this year, I think a couple things, number one, you've got sort of a pre and post November 3rd components. Before November 3rd, there were issues with resources. Most election officials were facing the challenge of running both the largest sort of mail and absentee election they'd ever run, but also needing to maintain polling places including having an poll workers as we've talked about a little bit already but also making sure that those polling places were as safe as possible.
So a number of challenges this year, and you've really got to give credit to the state and local election officials for doing that job. And then throughout the year, both in the lead up to the election and then obviously afterwards there's been this per base of issue around miss and disinformation. And so certainly, that's an ongoing challenge and something that we need to continue to work on and get better at.
John Breeden: Excellent. And we'll definitely be talking about disinformation in just a bit. Sean, I'd like you to put your civics nerd hat on for just a moment for us. What did you see as the greatest threat to the election in 2020? And why do you think that we were able to overcome it?
Sean Frazier: So, yeah, I feel like I'm just going to be piling on to everyone else's great responses, but I think that, yeah, we got to celebrate what was done right. I think things like instantiating CISA as an organization to help the state agencies was critical. I think them designating election infrastructure as critical infrastructure was also the first step or the second step of making sure that the correct spotlight was shown on the problem or the protection that needed to happen.
From talking to our state local customers who are moving to innovate their security models, there was an unprecedented amount of collaboration. So someone talking about partnerships and information sharing and best practice sharing and all of those different things. So I think those were all great steps, great things that helped give a lot of trust in the election of last year.
I think the important thing also to think about is that cybersecurity is a vigilance game. It's something that is not one and done. You don't just do it and then move on. If something you got to build into your lifestyle, you got to build into your security architecture. And it's a challenge for elections because elections happen every so often, every two years, every four years, every period of time.
And it's not happening ongoing, like when we live our life inside of a business we're protecting customer data and we're protecting employee data all the time consistently. So it's a little tougher to apply that mindset in the election security model, but we still need to do that. Vigilance is key.
I think if I look at one of the biggest threats, the biggest threats to me were external threats. And I think everyone touched on these, right? COVID was an unknown external threat across the board with regards to getting people to the polling places and changing the way people voted early voting versus same day voting. And I think we really have a substantial disinformation problem in the United States right now that we have to address.
John Breeden: Excellent. And thank you for setting that up. I want to go into the disinformation part of the webinar discussion today. During all three of the previous election security webinars, the ones that we did before the election, the discussion of disinformation campaigns, like the kind that are launched through social media channels, it was a huge concern for all of our guests.
I don't think there was one guest from the previous three shows that didn't think that disinformation was going to be a big problem. It's not a direct security threat as Sean, you mentioned, but the consensus was that it's a dangerous problem for running a safe election. It's something that re really need to get a grip on.
Paul, I believe that you are one of our former guests who were actually very concerned about this. You had even set up a counter disinformation squad. You described it as in your county to talk about election security and counter any wild claims that were made on social media about the integrity of the election. Did you have to tap into that group? And in the end, how much of a threat was disruption and disinformation campaigns this year for you?
Paul Lux: We did not see a lot of it here in Florida, or at least not in my part of Florida. We were tapped into, like you mentioned I had inoculated a lot of the social groups that I spoke to heading into the election cycle about what things like website defacement meant and how that doesn't change the election results just because my website gets defaced and just basically inoculating some of the movers and shakers of the community to be the ones who I could call on to defend our process should there have been any type of incident which thankfully never came.
Of course, all of our partners with the ISACs, both MS-ISAC and EI-ISAC, all of the bulletins and the warnings and the briefings, all of that was vitally instrumental in making sure everything stayed safe. The Albert sensors, all of the joint election security initiative that we did here in Florida, all of that stuff was terribly important.
We didn't see a lot of miss or disinformation every once in a while, but we even got signed up with SQUINT so that we could report anything that we ran across and to get reports from SQUINT about things that were being reported to them that might affect our jurisdiction. And that was a huge help at the very least, just to know that we were prepared and that we were getting again good Intel as quick as it could come out.
And all of those things made it very, very much smoother and safer and really improve the public confidence at a time when the public confidence was starting to look a little shaky. Of course, the national narrative about voting by mail people trying to walk that back that led to a whole bunch of inquiries and claims.
Any time, one little hiccup happened, somebody's ballot got missent to a neighbor's house, et cetera, it was a big conspiracy theory. And so we had to had to keep a lid on that and try and get out as much correct information as we could through all of the platforms that we had at our disposal. But at the end of the day, the number of people who had genuine problems, the number of people who were actually trying to commit voter fraud are in such a small minority that it basically became not newsworthy.
John Breeden: Excellent. Well, that's very good to hear Mr. Bernardino, what was your experience with election disinformation campaigns this year through social media and other channels, and how were you able to counter them?
Justin Bernardino: So I'll start with our phone lines were blown up with people calling because of misinformation out there. People who were maybe misinformed, but were asking questions in good faith, we were able to counter them to the extent that we're able to allow people to vote. We were successful with that. We received a lot of positive feedback from voters who checked their ballot or signed up for ballot tracking alerts, and that made them feel real comfortable.
Also Neil Kelly, our registrar, he was referred to recently in the paper as a voice of competence and information about election integrity in a highly volatile year. Countering them is hugely difficult, but we provide as much transparency as possible while trying to keep everybody safe. Ironically, I think forcing us to think of election observation differently under COVID probably provided the most transparency we've ever had because we had to start using technology to accommodate social distancing and so forth.
So like WebEx that allowed anybody anywhere at any time to observe any part of the ballet County and have a closer look at the ballots, because now we're focusing cameras on them to go through WebEx. So it was ironic in that sense and maybe we'll continue doing that even after COVID.
But I think that there's these cases where it doesn't matter what the truth is, you're still going to have some people who don't accept it. The fact that the elections were secure and accurate is provable. That's a provable fact. So with everything, our successes I mentioned before, and I think also we take the long view that the truth about the security and accuracy, the election becomes more and more evident as time goes on.
John Breeden: Excellent. And thank you for mentioning some of those things that were put in place to counter that and to make people feel better. I know in Maryland, I signed up for a mail voting and I would get the email alerts. Your ballot has been accepted. Your ballot has been looked at and all that. And it did make me feel a whole lot better. So that's a neat thing.
Mr. Herring, New York, like many large and prosperous states always seems to be targeted by these disinformation campaigns. How did you work to counter them this year?
Justin Herring: So like some my colleagues in other states, before we even got to the disinformation challenge, we also had a large information and education challenge because so much about this election is different in past elections. And there were new and understandable anxieties about voting during a pandemic. As mentioned earlier, we had a universal absentee balloting option. We had an early voting period for the first time in a general election.
So setting aside the concern about disinformation, we had to make sure people were aware of both the options, how to vote early, or how to get an absentee ballot and vote by mail and be comfortable doing that during a pandemic. There was a big information, big logistical, and a big educational campaign centered around helping voters to understand all the new and different ways of voting and getting folks comfortable about how we were going to push forward to the election during the pandemic.
That was largely a success overall turnout during the election was up. And it may have had the benefit too, of actually laying the groundwork for defeating this information. One of the things that we emphasized was something I've heard called filling the void, making sure that people have accurate information from official sources that they know how to get to, and that it's available for them.
So that's complicated of course, because in other places, elections are locally controlled. So you have 62 different counties and different counties have different websites, different social media accounts, different ways of communicating. But I think by and large collectively across the state, we were able to make sure that people had accurate information that they could find information from official sources.
And I think that's certainly contributed to what we saw, which is what we saw was that we not see any significant disinformation campaigns that really disrupted the voting in New York, which is not to say that we didn't see any disinformation. We certainly did see some, but by and large, I don't think it was as consequential as we had feared it might be.
I like to think that part of the reason it wasn't as consequential was because we in New York and our partners and other states and in the federal government in places like elections ISAC did so much to prepare to combat it. We did have some incidents, for instance, we saw someone set up a fake New York State Twitter account even use the New York State seal on it.
And we prepared to that by opening a line of communication and talking to the social media companies beforehand. So we able to report that to Twitter and get it taken down in pretty short order once we learned that. So I think that a combination of good luck of probably a lot of hard work done in a lot of different places at different levels of the government. And a lot of preparation helped us to get through this without anything like the worst case scenarios we'd hear before the election.
John Breeden: Excellent. Well, thank you. That's a very good to hear. Ben, the Election Assistance Commission, does it provide any help in this area for local election officials that are concerned about disinformation campaigns?
Ben Hovland: We worked on this in a number of ways. One of the ones that I think was a particularly important effort this year, that it was proud that we participated in was supporting the National Association of Secretaries of State #TrustedInfo2020 campaign, which was really about educating the public about the need to go to their state and local election officials as the trusted source of election information. That was a big deal.
I used to work at the Missouri Secretary of State's Office, and I've told the story that this was back in 2008, 2009, and we would get calls yelling at us about Hillary Clinton because she was Secretary of State of the nation. And so a lot of the times Americans don't know where to get that trusted source information.
So I think efforts like that, driving people to their state and locals recognizing that election processes and procedures vary across state lines for those of us that are in the greater Washington, D.C. area obviously you have different rules in D.C., in Virginia, in Maryland and West Virginia gets hit in the TV market. And so having people go to their election officials is a big part. And so any way that we could amplify those trusted sources we tried to.
Additionally, the EAV Survey I mentioned earlier, this was a big part of some of the efforts that we had in pushing back on disinformation or assisting media with fact checking efforts again, having those statistics. One example that jumps to mind, Paul brought up some of the information out there around vote by mail for a lot of people or absentee balloting.
I think a lot of people were treating this, like it was something totally new. And we knew from EAVS data that in 2016, nearly a quarter of Americans had voted that way. And so being able to communicate that, highlight that this was something that has existed for a long time, that there are these practices and procedures in place. All over the place I think was important.
But as I look at this issue, I think there is a lot more, we can do some of that's resource dependent at the EAC, but we need first and foremost in my mind is probably standing up a bit more of a one-stop shop website to get people to their trusted source information, get them the basic information, but get them to their state and local election officials to get that accurate information about elections.
John Breeden: Excellent. Thank you, Ben. Geoff, can you tell us a little bit about CISA's efforts to counter miss and disinformation campaigns during this election?
Geoff Hale: Thank you. Happy to. As a federal government, we were thinking of it almost as a supply and demand challenge. We have partners in the intelligence community, partners in law enforcement, the FBI in particular, that focus on that supply side. They're taking down the bad guy, the fake accounts by foreign actors.
In this election cycle, we really tried to work as many of the other panelists have said, we tried to work on the other side of the ledger, the demand side, the really that interaction point between the American public and disinformation. We were part of the NASA effort or trusted voices and partnered with several organizations to try to broaden awareness of the threat of disinformation and educate on the tactics of disinformation. But as the election approach, we understood that we'd have to get into a little element of counter messaging.
We knew from previous election cycles, some likely areas for disinformation so we took steps to pre bunk as opposed to debunk that disinfo. And we did that and posted it on our rumor control site where we tried to provide clear, concise, sourced responses to address some of the disinformation in this cycle.
We're then able to partner with some of the social media firms to make them aware of this as a resource for what we were seeing, targeting election infrastructure rumors, specifically about the infrastructure and the administration of voting in that manner and to help serve as a resource for the voters and anyone of interested to understand the safeguards that may be in place that actually did have the evidence that shows that this was a secure election.
Obviously this was only scratching the surface of addressing the emerging risk of disinformation, and we're looking for new ways to go forward, but considering where we were in 2016 to 2020, this has been a fascinating growth.
John Breeden: Well, thank you, Geoff. Lewis, how much of a threat is disinformation or was disinformation, and do you expect it will be a problem for future elections as well?
Lewis Robinson:Well, one thing I've learned since joining CIS is that perceptions and everything and elections, and I think disinformation is a significant threat to what we can expect in the future. Certainly, it's going to be a concern and I support the response of others on the panel. I think the most important tool against disinformation is that continued communication with the public, from the state local election officials on their processes as Mr. Hovland and others mentioned, those awareness campaigns, educating the public on the processes.
Another piece of it is maintaining official sites, your official websites as the verified information source on those processes. And as Mr. Hale mentioned working with others and having that response in real time to counter that disinformation that's out there, given the facts versus that the fiction that's being put out there and doing that via the various forums the platforms that are out there be it social media platforms that are available through the press whether it's written or the TV, radio spots whatever we need to do to get that out there. And again, working together as partners to combat this and future elections.
John Breeden: It makes a lot of sense. Thank you, Lewis. Sean, how frustrating is it to deal with disinformation campaigns when they exist outside of the direct control of your cybersecurity teams? How do you advise your customers to prepare to deal with them?
Sean Frazier: So I think the main thing is to focus on what matters. And I mentioned earlier that cybersecurity is a vigilance game. So it's all about keeping focus, maintaining focus on building out your cybersecurity program. Making sure you're adopting, what I would consider based upon your offering, based upon your DNA, security is going to become part of your DNA.
And there are different ways that you can do that. I think for me, it's about keeping things simple, keeping things right in front of you and offering those protections. Disinformation has been around forever. We're living in the Internet age. So of course the Internet is a megaphone for this information, but it's been existing as long as we've been human beings, right? It's one of those things that you just gotta have to keep in the back of your mind and you have to keep tabs on it.
As people have mentioned here, some of disinformation is people just defacing websites, some of it's coordinated because guess what attackers are just like us, they're people. You're going to have to think about the way they think of things. Sometimes disinformation is coordinated with attacks and we have to be able to discern one from the other.
But as long as we adopt a security mindset from day one, bake cybersecurity into our DNA. Every time we put out a new application, every time we put out something where user needs to access something, we have this holistic approach to security where it's built in, where it's adaptive, and it can then be used to counter any of the threats that someone might use on the attacker side while we're keeping an eye on the disinformation.
John Breeden: It makes a lot of sense, Sean, thank you. In addition to being a very contentious election season, 2020 was also unique because we had the COVID-19 pandemic to deal with. Something some of our guests have already mentioned a few times. This forced a lot of jurisdictions to really increase remote voting and also to secure local sites, not just in terms of security, but also in terms of safety, putting distance between people, cleaning the machines and things like that.
So Paul, I have to start with you on this one. You are famous for being quoted in the New York Times and several other papers. You were the Florida election official who came down with COVID during the election. How much of a burden was COVID to you and your staff? And what did you do to keep your voters safe, to make sure that they didn't contract COVID like you did unfortunately?
Paul Lux: That was actually one of the, I mean, I hate to say interesting things that happen during the election, because I was diagnosed along with several of my staff the week early voting started. I had to be out, my symptoms were backed up a few days into the week before, but I had to miss basically that whole first week of early voting, working from home and that the New York Times on my trail and in an interview with them the 28 October quote of the day was my very snarky comment that all we were missing was the asteroid landing with the flesh-eating zombies and our year would be complete.
And so it certainly was problematic in that some of my other staff who were also tested and also went out around that same time at a very critical time as we were hitting the last few days of our ability to take absentee ballot requests and to mail those ballots out which made other staff members. We basically lost our entire vote by mail team. We lost the people who backed up the vote by mail team. All of them were gone within a space of about three or four days.
So thankfully my case was very mild. Several of my staff were actually asymptomatic, although positive. So we were just counting down the 10 days to come back. So I had almost all of my team reassembled by the Saturday, before the election. I had the other staff were able to step in using a lot of remote access from those of us who were working from home and being able to direct them to get the job done with getting those last few days of vote by mail ballots out on time, without missing any deadlines.
And then it was just the crush of trying to get everything done because we had to cancel about a week's worth of canvassing boards. So we were hoping to stay ahead of the flood of returning vote by mail ballots. So that put us behind the curve on that as well.
And then all at the same time, as you mentioned, right? So now what are you doing to keep your voters safe too? Because when the voters hear that your office has been closed, how am I supposed to pick up an absentee ballot, drop off an absentee ballot? We had to create kiosks outside of our office to serve the walk-in public who had a legitimate need to come in and get a ballot.
Of course, we already had Dropbox's in place. We figured out a way to socially distance, our canvassing boards and get that working. And then at the end of the day, we had all of the recommending that people wear masks in a jurisdiction that did not have a mask ordinance so there was no requirement for it, but we highly recommended everybody wear masks.
Our poll workers were provided with all the PPE that we could find face masks, face shields, the big plexiglass things over the voter check-in stations, and any place that a poll worker would interact with a voter face-to-face, we had a big plexiglass shield there, which of course creates logistical delivery problems and all of that.
And then just hand sanitizer and disinfectant wipes and extra poll workers to do those things to go around behind voters. We used disposable secrecy sleeves instead of reusable ones so it was once we gave it to you, the voter, we don't want it back. We don't want to touch it. You need to throw it in that trash can over there for recycling or take it with you when you leave.
We did a lot of those things just to reduce all of the exposure. And I'm happy to report that, we did not see any spike, certainly in my jurisdiction. And for the most part across Florida, we did not really see a large spike in COVID cases in the immediate weeks following the election which is just a good metric to know that we were on the right track for doing everything we possibly could to keep all of those folks safe.
John Breeden: It makes a lot of sense. Thank you, Paul. And we're really glad to hear that you've recovered fully from your ordeal as well. Mr. Bernardino, Orange County is a very large municipality, and of course that means that you are dealing and we're dealing with COVID-19 related problems. How did that affect your election?
Justin Bernardino: Everything, so everything you do now with the election takes more energy, effort and planning. For example, we had to locate larger vote centers to accommodate physical distancing. We had to recruit more employees to work those sites, as they're wiping down the equipment. It was also information recruiting workers and making sure that they feel comfortable, that they know that they were safe.
Like I mentioned earlier, increasing our footprint for observation, coming up with new and creative ways to allow people to observe every bit of the process while maintaining safety. So everything that we had to do, everything we knew about running elections, we had to throw some of that out the window and just reconsider it due to COVID. So it was a lot of extra energy for every single process.
John Breeden: It makes a lot of sense. Well, thank you. I'm glad that it worked out okay for you. Mr. Herring, New York was hit early during the pandemic which made your primary election very challenging. I know in New York we were watching that across the country how things were going there. How did COVID-19 affect the general election in your state and how did you deal with that?
Justin Herring: Yeah, I think the short answer to echo just is it affected everything. It was a big change because you mentioned like, and as we talked about when we were all here together in July, New York had to postpone its primary. Primary was scheduled the fall in April. And as some of you may remember, that was really the throws of the pandemic, which was hitting New York extremely hard at that time. So it was postponed to June.
It did ultimately I think in a lot of ways help, we carried that out in the primary election. Now we get a lot of the things that we ultimately did for the general election, including universal absentee balloting, and early voting period. Some of the cybersecurity planning and measures that we put in place for the primary are most of the same ones we used for the general election. And that experience, I think helped us a lot when the general election came around.
We did have, I think I mentioned earlier the pretty extraordinary logistical undertaking that took place in order to create an absentee balloting option for all more than 10 million New York voters, create an early voting option with polling places and poll workers were open for 10 days, nothing like that ever been done for a New York general election. And we did get millions of new Yorkers, almost half of all New York voters voted either early or absentee.
And one of the payoffs for that was that on actual election day, even though turnout was up overall for the election, only about half, as many people voted on the actual election day. And given all the work that had gone into prepare for an election where we were going to need to be able to have millions of people voting in a safe and socially distance way, the fact that, we were able to get more about half of new Yorkers were able to vote before election day or by mail really helped us a lot, I think and we were able to get through the election.
We actually had fewer problems than in the past with things like, long lines at election centers, not withstanding the need for social distancing. And so there were certainly a tremendous amount of upfront work that went into making the election during the pandemic possible. I think ultimately, it did pay off. We had single election day and we were able to get the election done in a way that was safe and fair. And also I think inspired New Yorkers confidence that the election was safe and fair.
John Breeden: Excellent. That's very good to hear. Geoff, I bet in your many years working with CISA, you never thought that a threat to election security might actually be biological. I realize it's not really a cyber problem, but how did CISA adapt its work through the pandemic and what were some of the lessons you learned from this process?
Geoff Hale: I certainly wasn't in the playbook. I thought Mr. Herring was made a good point about the timing of when we all shut down. It was right there early on in the primaries. At the point of that interruption, election officials were reaching out urgently needed more information to make decisions about their election processes, both how to continue to run their primaries and what they were going to do for the general.
I mean, we've been in under these conditions for so long now that with so much more information than we had at the time. We were getting questions of, how did the virus spread? What densities would be concerning? Would it survive on paper? Would it survive on writing utensils? What cleaning methods worked to kill the virus?
Commissioner Hovland and CISA lead this government coordinating council for the election infrastructure sector. As part of that, we were able to ask our federal partners like the CDC and the postal service to hold these meetings. The first one was March 25th to start having conversations and let election officials identify the gaps of information that they needed addressed to make their decisions.
It quickly became clear that election officials were going to modify their election processes to make it safer from the virus, both for their voters and for their staff, whether they're going to early voting absentee by mail or putting in safeguards for in-person voting on election day, we understood there was a need to produce guidance documents on all of these things like voter education, about the administrative changes, steps you can take for in-person voting, steps you can take for mail-in voting and the importance of accurate voter data in making these changes.
So we partnered and produced these documents that were really there to help smooth the transition that the election officials were undertaking and make sure that they were making those transitions with their security measures in place so much easier to do it when you plan for it and to try to tack them on afterwards and really lessen any operational risk of any transition of voting administration.
John Breeden: Great. Well, thank you very much, Geoff. That makes a lot of sense. So we're running short on our time today. We're at the bottom half of the extended half hour. So if I had my way, this has been such a great discussion. We could talk for hours, but we do have to start wrapping up. So as we get towards the end of our time today, I wanted to first off thank all of our guests for being here and for their vigilance in protecting our election.
And I also want to ask them each one final question, and that's about our future elections. So obviously it may seem a little early, but the new election cycle is starting already. Then your position on the Election Assistance Commission gives you an overview of the election across the country. Based on what you saw in 2020, what do you think are the key takeaways as to why this election was successful and safe and what can we do to work on to secure future elections as well?
Ben Hovland: Yeah, thanks to that, John. First and foremost, you have to give credit to the state and local election officials who did an amazing job running this election. Like we heard Paul talk about, I mean, they put their personal health on the line in service of our democracy and they deserve our thanks, appreciation and just all the credit in the world.
I think from a federal level, some of the things that we can do, the critical infrastructure designation, it really has led to a sea change in information sharing. I think the analogy or exchanging business cards in the storm gets overused. But part of what Geoff was talking about earlier, the success of the critical infrastructure, governance structure. We had government partners, we had private sector partners on that joint working group.
And we were talking in April with mail vendors about whether or not they were going to have enough capacity for November with the increased demand and how much they could scale up. If we weren't able to have those conversations quickly, it certainly would have made a difference.
I think again, you also saw a new generation of poll workers step up this year. That made a huge difference. That's always a challenge from the EAV Survey, I mentioned earlier. We know in 2018 that 70% of jurisdictions have at least some challenges getting poll workers. I hope a silver lining out this year will be a new generation of Americans will continue to participate, but just really in some, I think the biggest things are this didn't happen on accident.
It happened because people did hard work because we invested in elections. We've got to keep doing that whether that's cybersecurity issues, whether it's generally broader election issues. I've said before, and I'll keep saying that election administration is the infrastructure of our democracy. I think we have to invest in that. We have to make sure it's strong and that takes a commitment and it takes a lot of work. And so certainly I appreciate everyone who helps make it stronger. Thank you.
John Breeden: Excellent. And we appreciate you showing up and helping to continue those efforts for our audience today, Ben. Paul, first off, thank you for all your work in Okaloosa County given what you experienced with this election, which was quite a lot, what are some of the important things that you will be concentrating on and considering in the future?
Paul Lux: Well of course, as you mentioned, so we are already preparing for, we have elections in March. So of course almost everything that we did and made sure was in place for our elections last year. We will be doing for our smaller municipal elections this year. Although certainly we won't be expecting a 70 some percent turnout. Not that, that wouldn't be nice.
One of the big takeaways, and I didn't mention it as any part of the challenge that we had in 2020, but our part of Florida got hit with not one but two hurricanes at critical times. Gosh, it sure would be nice for us to move those elections out of hurricane season, but since that's really not an option, you just have to make sure that you have all of your coop plans up to date, make sure you have your partnerships already in place, nothing more vitally important than knowing who you can lean on when the rubber meets the road you have some of those big problems.
Of course, constant vigilance when it comes to cyber security. It's one of those things that you don't get to stop and rest because you know that the enemy on the other side is not stopping and taking a break either. It's vitally important to continue working with CISA, with CIS, with the EAC and both MS and EI-ISAC to make sure you stay current, to make sure that you're doing everything you possibly can to keep your end of the equation correct.
Florida, we have started a new agreement with the state that will give us a better mold for making sure we're doing everything that we know we're supposed to be doing just to have an extra set of checks and balances as we go forward to make sure that we're maintaining everything that we have done thus far to make sure everything stays secure.
And until we have herd immunity and the ability to take those masks off and go back out in public, we'll have to continue to work to slow the spread of COVID to keep our poll workers safe, to keep our voters safe. And just keep learning, stay in touch with the CDC people and your local department of health people. Whenever you need resources, risk management people and my county emergency management people were absolutely brilliant this year.
They had to come in and deep clean our offices before we could reopen to the public after having that many people test positive in one spot. Just all of that stuff, all of those partnerships are just vitally, vitally important. You can't wait until you need it to start hunting down who is best to help you. You got to have all of that in place before it happens.
John Breeden: Excellent. Well said, Paul. Lewis was your first election as the VP of Elections Operations at the Center for Internet Security, how do you think it went? And what do you think are some of the important lessons from 2020 that can help out during future elections?
Lewis Robinson: John, as I mentioned, I came in four or five weeks for the election so it was certainly an interesting time and I had a chance to observe things. And I believe that from a cybersecurity perspective, the 2020 election was a success. We can see that after the years of building those partnerships that I keep talking about and the planning and exercising, the elections community executed what we have practiced.
Obviously, the lessons learned from previous election cycles help to develop this year's plan. And as was just mentioned, another lesson coming out in 2020 is that EI-ISAC members and state and local government are taking the advisories that they receive seriously and making the necessary adjustments like installing software patches, fixing system configurations, whatever the necessary fix is.
Another point coming out of 2020, I think as we look to the future is that as the ISAC were able to bring the community together quickly, share that information, address the risks that are identified. I mean, everything went as smoothly as it did because every most prepared maintain that preparation going for will be key. And as we prepare for those future elections we will continue to provide support for our election community partners. We're always going to be there for them in this election space and we're happy and proud to be a part of that.
John Breeden: Great, thank you so much, Lewis. Mr. Herring, given the sheer size of your state, I know that running a safe election is always going to be a challenge, but you did it this year. What do you think were the most important factors in that victory and things that you learned moving forward?
Justin Herring: I'd start with the planning and the building lines of communication and partnerships before the election, right? I mean, that would certainly include tabletop exercises we did, coordination calls. The State Board of Elections and Secure Election Center made training available to all the County boards of elections on basic cybersecurity, hygiene implementation and cybersecurity awareness.
I think that those efforts really paid off and we did have a cybersecurity incident during the election, and we had some other incidents too. We were already in a position to share resources, to communicate, to coordinate. And that goes for our partners outside the state too. My hats off to Lewis and his colleagues at the elections ISAC, they were really tremendous in the assistance they provided throughout the entire process to the state and counties in New York.
And we also had a great partnership to Japanese colleagues at CISA. We were in daily contact with folks at CISA throughout the period, sharing information, getting updates from them and the federal perspective too. I think that was key.
And in many ways, the act of preparing for the election itself helped us to build those lines and those relationships between some of the parts of the state government, like my own part that were pitching in to help out county governments and the state board of elections made it cohesive even for the primary and then again for the general election.
The second thing that I would highlight too, is just that this is a long-term project for us. And I think that's an important point to make to a lot of the issues around election security are not the kind of things that you can easily address in a single election cycle, right?
Particularly when you consider that in New York, for instance, is 62 different counties and multiplicity of other agencies that are involved in the elections. Anybody you're talking about getting off legacy infrastructure or building up the right info sector expertise on staff in each of those organizations, these are long-term projects.
New York, we started in 2016 and 17, and we're still going, I don't see it as a project that has any end date. And so to the extent that we had success in 2020, much of that was predicated on work that started a couple of election cycles before hand.
John Breeden: It makes a lot of sense. Thank you. Mr. Bernardino, have a lot of experience with election security. In terms of the 2020 election, what do you think was the most important lesson that you learned? And do you have any advice that you can offer about securing future elections?
Justin Bernardino: I'll keep it short and sweet. I think what everything we talked about on this call, we need to treat every election in the future like it was November, 2020 regardless of the circumstances, the scrutiny, the media coverage, the efforts that we talked about on this that we applied to it should be applied every election going forward. Like the speaker said not to rest on our laurels, but to also continue to increase the efforts.
John Breeden: Great. Well, thank you, Mr. Bernardino. It makes a lot of sense. I look forward to talking with you on the 2024 show or the 2022 show about elections. Sean, based on everything that you saw during the 2020 election, what do you think went well? And would you have any advice for people charged with ensuring safe elections in our future?
Sean Frazier: Yeah, first of all, I'd like to add my thank you to the folks who work on this noble endeavor. A lot of people don't do this full time and there are a lot of people who volunteer and don't get paid at all. So thank you very much. I always go back to that old saying that necessity is the mother of invention, but I changed it a little bit and say necessity is the mother of innovation and protection.
And I think what we've learned is that we can walk and chew bubble gum. We can create a secure and efficient election system with a mixture of mail-in voting, with a mixture of early voting, with a mixture of same day voting. And as long as we're vigilant on the security side, and as someone just mentioned, don't treat it as if it's ever done because it's never done. Cybersecurity gets in you, it's got to be part of your DNA. It's got to be part of your everyday as you're rolling these things out. So the most important lesson is be ever vigilant.
John Breeden: Makes sense. Thank you, Sean. Good words. And Geoff, you were one of our newest guests. So I think it's only fair that you get the last word on the show today. I know it's a little early, but what will CISA's election security team focus on in the next election cycle based on what they learned this time around?
Geoff Hale: No pressure and last word. First, thank you for having me. This discussion has been a pleasure. Really this election was secured due in large part to the incredible efforts and professionalism of election officials and their partners in the private sector. We saw incredible progress from where we were in 2016 and 2018. That progress has seen in the growth of security practices and the planning, patching and vulnerabilities of network monitoring of really joining in this robust election security community, improvements to auditability and auditing.
At CISA, we're really proud to play a part in supporting election officials as the security systems and we want to continue to build upon this progress, particularly with the small and mid-size elections jurisdictions, local election officials are tremendously important in the security of this critical sector. Leading them, getting them the help and more importantly, getting them the resources that they need was a big focus of ours leading up to 2020. And that's going to be our continuing focus going forward.
John Breeden: Excellent. Well, thank you so much. I'd like to thank all of our guests for an amazing discussion today. I learned a lot and I'm sure our audience did as well.
Speaker 1:Thanks for listening. If you'd like more information on how Carahsoft can assist you in securing your upcoming elections, please visit www.carahsoft.com or email us at electionsecurity@carahsoft.com. Thanks again for listening and have a great day.