Elections Security

To protect the integrity of Oregon’s elections and other systems, The Office of Oregon Secretary of State (SOS) has multiple layers of defense controls, including hardware and software designed to prevent cybercriminals from gaining access or misusing our systems. 

We routinely perform threat analysis and risk assessments on our systems. Assessments are done by internal staff as well as third parties contracted to perform assessments. As a result, we continue to improve security processes and protections for all systems.

Preventative and Detection Measures

We use both preventative and detection measures including:

  • Patch and vulnerability management
  • Firewalls
  • Continuous monitoring of systems
  • Incident management planning and tools
  • Security training

Increased Security

Over the past year we increased our security efforts with:

  • Upgraded network firewalls
  • Requiring a VPN to access the SOS network remotely
  • Upgraded antimalware solution with enhanced monitoring and alerting for unusual activity
  • A third party risk assessment, including controls assessment, physical security testing, social engineering testing, and network penetration testing
  • Third party penetration testing of ORESTAR
  • Upgraded log collection and monitoring system to handle increased amounts of system and application data in order to increase our visibility and understanding of system activity.
  • Nearly doubled the amount of security dashboards used to monitor and audit security data from the SOS network and systems.
  • Mitigated identified application security vulnerabilities
  • Provided Oregon Counties secured upload platforms from which to transfer elections data

Continued Efforts

Security systems are never finished and need to continue to be improved and modernized. We are currently implementing:

  • Inspection of encrypted traffic
  • Network access control – detection and blocking of unauthorized devices attempting to access the SOS network.
  • Ongoing phishing campaigns to test and educate staff.
  • Ongoing testing and scanning for application security vulnerabilities We are also in the planning phase of the following projects that will be completed before the 2020 Primary Election:
  • Multi-factor authentication for county elections staff
  • Election system disaster recovery
  • Increased monitoring and log collection for OCVR
  • Install agents on high value targets’ workstations to collect and forward log data. This includes workstations for security, information systems, and elections staff, as well as management.

In 2016 we successfully blocked attempted cyber-attacks by the Russian Government. Today, our systems are much more robust. We will continue our efforts to secure our election and other systems and implement best practices as we continue forward in this battle.

​​ ​​​​​​​

​Oregon Election Security Symposium

Threats we face and steps to protect our elections.​

Protect2020 - What Can You Do?

FBI Protected Voices​
Understanding Foreign Interference in 5 Steps
Foreign Influence Taxonomy
Social Media Bots Overview
Disinformation Stops With You
Investigate the Issue
Question the Source
Recognize the Risk
Talk to Your Circle
Think Before You Link​
Technology for Federal Election Security Funding

Associated Press

Attendees at training  
US election officials get military-style training

InSight - Oregon Election Security

CCTV Insight Oregon's Election Security welcome screen  
Cybersecurity in Oregon's vote by mail system

​Oregon = Secure Elections 

Oregon is a model for the nation in securing elections.

Your Voice Your Vote

Steve Trout, Elections Director and Steve Dunn  
Director of elections talks election security

Oregon Matters of State Podcast

Steve Trout, Elections Director and Rich Vial, Deputy Secretary  
Find out the latest on election security.


Further Reading

The Cybersecurity Campaign Playbook​
Belfer Center for Science and International Affairs ​

Life of an Oregon Ballot Video

Ballot sorter being run by a county employee  
Wondering how your ballot gets counted?