Secretaries of State Gather for Winter Meeting ... 3 of 5 >
Feb. 16, 2018 - The NASS/NASED Joint Session: "State and Local Incident Response Playbook Walk Through" highlighted three playbooks recently issued by the Defending Digital Democracy Project (D3P) at Harvard Kennedy School’s Belfer Center for Science and International Affairs.
      

David Becker, executive director of Center for Election Innovation & Research, moderated a workshop on "Good Audits Make for Better Security" with New Mexico Secretary of State Maggie Toulouse Oliver and Colorado Secretary of State Wayne Williams.  Post-election audits allow officials to spot problems in the results and can help strengthen confidence in our democracy.  One message out of this workshop is that "all audits are not created equal."  The workshop provided a very interesting discussion on risk-based versus risk-limiting audits.  New Mexico has been doing post-election audits since 2008.  These risk-based audits are based on randomly selected precincts.  Colorado has over the past decade been working on risk-limiting audits, which it first implemented in 2017.  Based on a 20-digit random number, individual ballots are pulled in each county and compared with the inital reporting.  The system requires that the ballots be kept in order and uses an open source software tool.  Williams compared the risk-limiting audit to a soup tasting.  Provided the soup is well stirred one only need to taste a spoonful, regardless of whether there is a small pot or a large vat of soup.  The random number accomplishes the stirring.
See also: NCSL - Post-Election Audits
Tom Vessely, Director of IT, Indiana Secretary of State's Office, moderated a workshop on "Filling the Gaps in State Cybersecurity Workforce."  Participating were Robin Carnahan, senior advisor and head of state and local practice at 18F Acquisition; Yejin Cooke, director of government affairs at NASCIO; and David Forscey, policy analyst in the Homeland Security & Public Safety Division at NGA.  The discussion focused on how to attract and retain qualified cybersecurity staff.  Cooke noted, "There are more jobs [job openings], than there are people."  Carnahan said the specialized nature of IT is such that agencies should have a dedicated IT recruiter rather than just relying on HR.  One of the speakers warned of instances where an agency might be "pitched by the A team, but get the C team."
....next >