To protect the integrity of Oregon’s elections and other systems, the Office of Oregon Secretary of State (SOS) has multiple layers of defense controls, including hardware and software designed to prevent cybercriminals from gaining access to or misusing our systems.
We routinely perform threat analysis and risk assessments on our systems. Assessments are done by internal staff as well as third parties contracted to perform assessments. As a result, we continue to improve security processes and protections for all systems.
Preventative and Detection Measures
We use both preventative and detection measures including:
- Patch and vulnerability management
- Continuous monitoring of systems
- Incident management planning and tools
- Security training
Over the past year we increased our security efforts with:
- Upgraded network firewalls
- Requiring a VPN to access the SOS network remotely
- Upgraded antimalware solution with enhanced monitoring and alerting for unusual activity
- A third party risk assessment, including controls assessment, physical security testing, social engineering testing, and network penetration testing
- Third party penetration testing of ORESTAR
- Upgraded log collection and monitoring system to handle increased amounts of system and application data in order to increase our visibility and understanding of system activity.
- Nearly doubled the number of security dashboards used to monitor and audit security data from the SOS network and systems.
- Mitigated identified application security vulnerabilities
- Provided Oregon Counties secured upload platforms from which to transfer elections data
Security systems are never finished and need to continue to be improved and modernized. We are currently implementing:
- Inspection of encrypted traffic
- Network access control – detection and blocking of unauthorized devices attempting to access the SOS network.
- Ongoing phishing campaigns to test and educate staff.
- Ongoing testing and scanning for application security vulnerabilities
We are also in the planning phase of the following projects that will be completed before the 2020 Primary Election:
- Multi-factor authentication for county elections staff
- Election system disaster recovery
- Increased monitoring and log collection for OCVR
- Installation of agents on high value targets’ workstations to collect and forward log data. This includes workstations for security, information systems, and elections staff, as well as management.
In 2016 we successfully blocked attempted cyber-attacks by the Russian Government. Today, our systems are much more robust. We will continue our efforts to secure our election and other systems and implement best practices as we continue forward in this battle.