Black Hat , Election Security , Events
How to Account for Disinformation Risks in Election Security
CISO Lester Godsey on Building Custom Frameworks to Combat Election-Related ThreatsPeople worry about the threat of hacking to national elections, but disinformation, misinformation and malinformation are increasingly critical issues in election security. Lester Godsey, CISO for Maricopa County, Arizona, is tracking these emerging factors, and he says traditional risk frameworks struggle to account for them.
See Also: Critical Condition: How Qilin Ransomware Endangers Healthcare
Public officials in Maricopa, America's fourth-most-populous county, became targets of numerous threats related to the 2020 election, and those threats continue. The county created a risk framework that blends traditional cybersecurity structures such as NIST and FAIR with real-world assessments to tackle both digital and physical threats posed by traditional and social media, Godsey said. He said Maricopa County fuses frameworks, tools and threat intelligence together to examine digital systems as well as physical and reputation risks (see: Social Media and the Threat to Cybersecurity).
"Some of our elected officials have received so many credible threats that they've had to hire physical security services to protect themselves and their families," he said. "As a cybersecurity team, we have found ourselves not intending to be in the business of physical or kinetic risk mitigation but because we do threat intelligence gathering, we have seen indicators of potential non-cyber types of risks."
In this video interview with Information Security Media Group at Black Hat 2024, Godsey also discussed:
- Challenges in quantifying reputational and physical risks posed by social media;
- The connection between disinformation and physical threats to election workers;
- How Maricopa County works with federal agencies to address emerging threats.
Godsey has led all cybersecurity and data privacy efforts for Maricopa County since 2019. Prior to that, he spent nine years with the city of Mesa, Arizona, culminating in a role as CISO/CPO. He has more than 25 years of higher education and local government IT experience and has spoken at local, state and national conferences on topics ranging from telecommunications to project management and cybersecurity and data.