The Role of State and Local Cybersecurity Professionals in Maintaining Election Integrity

With mounting claims of voter fraud casting doubt on the integrity of the U.S. election system, state and local cybersecurity professionals increasingly find themselves on the front lines of preventing election interference and preserving election integrity.

ExtraHop recently spoke with the IT Security Officer for a county encompassing a large metropolitan area in an electorally important state. The IT Security Officer spoke to ExtraHop® on the condition of anonymity about an allegation made after the 2020 presidential election that the county’s voting system had been hacked and votes for both candidates had been deleted.

County Commissioners approached the IT Security Officer asking if the allegation was true. The IT Security Officer and his team had to investigate. After a painstaking review of logs, they were able to prove on the basis of firewall data that the allegation was, in fact, false.

In 2022, the IT Security Officer and his team deployed the RevealX™ network detection and response platform from ExtraHop to get threat visibility that they couldn’t obtain from their other security tools.

“We’re trying to get to the source of truth,” the IT Security Officer told ExtraHop, explaining why they deployed RevealX. “We get alerts, but I need the truth: Is this activity bad or benign?”

The IT Security Officer says the network data aggregated and analyzed by RevealX provides his team with the source of truth about what’s happening in the county’s IT environment, including its elections systems.

RevealX functions as a definitive source of truth because attackers can’t evade or disable the network and because it passively records all activity taking place on the network, including malicious activity. Threat actors simply can’t avoid the network: they have to traverse and communicate over it.

RevealX also monitors more layers of the network (Layer 2 - 7) and decodes more network, application, database, and internet protocols (over 90) than competing NDR solutions, in addition to providing advanced capabilities for decrypting encrypted network traffic. All of this provides state and local governments with broader visibility into any potentially malicious activity on their networks, including techniques attackers may use to gain initial access, move laterally, and evade detection. And by capturing and analyzing full network packets at speeds of up to 100Gbps, RevealX also provides state and local governments with definitive data about what is and isn’t happening on their networks, including election tampering.

With the new network visibility, monitoring, detection, and investigation capabilities provided by RevealX, the IT security officer is confident his team can handle any threat.