Fact: North Carolina elections officials have no evidence that any election system or voting system in the state has ever been the target of a successful cyberattack.
The State Board of Elections works with many partners to improve the security of elections at the state and county levels. These efforts use industry best practices to form a reliable security strategy. The actions below are highlights of the State Board's cybersecurity activities:
- Regular penetration testing and threat hunting on election systems
- Physical security reviews at the state and county levels
- Regular external vulnerability scanning and remediation of any findings
- Regular infrastructure system patching
- Formation of security policies in alignment with the N.C. Department of Information Technology
- Incident response planning, tabletop exercises, and awareness training
- Extra cybersecurity monitoring and response by all partners during election events
- Regular receipt and analysis of information and alerts related to cybersecurity risks
Also, the State Board recently analyzed the cybersecurity status of the organization using guidance from the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
This effort helped to provide awareness around cybersecurity risks and identify ways to reduce those risks. From this, the State Board built a road map to improving election cybersecurity in North Carolina moving forward.
We are also building an internal cybersecurity team to quickly complete cybersecurity projects.
All State Board employees train to assist in securing North Carolina elections, including courses on the risks and warning signs of phishing, malware and other hazards. This training is also provided to county boards of elections.