1. The Election Authority must utilize the Illinois Century Network (ICN) for connectivity to the State Board of Elections or have entered into an agreement to do so as soon as practical.
2. The Election Authority must participate in the outreach portion of the program.
3. The Election Authority must allow the Cyber Navigators to complete a risk assessment and an analysis against the Center for Internet Security’s recommended procedure.
The ICN is the equivalent of an office intranet that connects the entire state of Illinois. When one ICN user directly sends a file to another ICN user,
that file remains inside the network and therefore never makes it to the World Wide Web. The service also provides 24/7 monitoring,
protection from Distributed Denial of Service Attacks (DDoS), strong firewalls, and an Albert Sensor. The ISBE is using Help America Vote Act (HAVA) funds to
connect every Election Authority office to the ICN. Eventually, the Illinois Voter Registration System (IVRS) will never have to send data over the World Wide Web,
which provides added security to the transmission of voter registration information. The ICN provides safer internet usage for all connected agencies.
- Register with EI‐ISAC
Illinois is dedicated to ensuring that all Election Authorities have the resources and knowledge to prepare and prevent an incident. The Elections Infrastructure Information
Sharing & Analysis Center (EI‐ISAC) is a resource for Election Authorities to receive election specific information on the national level. The CNP team has been working with
EI‐ISAC to certify that all agencies in Illinois have a representative signed up to receive alerts. As of July 29, 2019, Illinois has 100% membership within the EI‐ISAC.
- Establish Two‐Way Data Sharing
The Election Authority agrees to receive information from the program and, importantly, share any cybersecurity related issues they come across directly with program managers.
- Annual Security Awareness Training
Each Election Authority office is required to take a cybersecurity‐based training. At least one member from the office must take a short test based on the training. All other
members of the office can, and should, take the training, but are not required to be tested. The training covers basic cyber hygiene and awareness
The CNP calls for eight CNs, two for each of the four geographical Election Authority zones, and one Lead Navigator. They all work under DoIT and coordinate operations with the ISBE.
CNs are IT professionals with a background in security. They must travel to the offices of Election Authorities to conduct risk assessments and make recommendations on how to
improve security, both cyber and physical. CNs also review documentation and general practices of each office so they may recommend updates, configuration changes, and best
practices that are tailored to each individual office’s needs.
The program plans to grow the CN role to offer new services as the program matures.
All Election Authorities that participate in the volunteer Cyber Navigator Program are eligible for grant money to spend on physical and cybersecurity.
There is a base $10,000 grant with additional money allocated based on the voting age population for the area each Election Authority covers.
Participants must submit an itemized list of what they intend to purchase with the grant money, this ensures it is used on security related equipment, services, or staff.
Voting equipment does not qualify as security related equipment for the purposes of this cybersecurity grant.
Election infrastructure has become a focal point for foreign cyberattacks. The United States Department of Homeland Security (DHS) designated the United States
election systems as critical infrastructure for the country on January 6, 2017. In March 2018, the federal government appropriated $380 million in grants to the
states to improve election security.
The Illinois General Assembly tasked the Illinois State Board of Elections with creating a cybersecurity program to help every Election Authority in the state
improve their cybersecurity posture. In 2018, the Illinois legislature passed Public Act 100‐587 (specifically 10 ILCS 5/1A‐55) and the State Board established the
Cyber Navigator Program (CNP) through Administrative Rule (Title 26, Chapter I, Part 213.)
The State Board of Elections is tasked with building a relationship with Election Authorities to facilitate the sharing of cybersecurity related information.
This includes increasing defensive knowledge through distribution of resources and training but also providing guidance when a cyberattack does occur.
They also help coordinate information sharing between critical infrastructure, information technology, and law enforcement agencies.
The SBE maintains multiple distribution lists for our partners. The creation of the distribution lists has assisted in providing targeted information to each
partner in the program. These lists provide technical cyber bulletins to IT professionals throughout Illinois and election security specific information,
along with general office security tips, to Election Authorities.