Section 213.10 General Provisions and Definitions


a) The State Board of Elections shall provide by rule, after at least 2 public hearings of the Board and in consultation with the election authorities, a Cyber Navigator Program to support the efforts of election authorities to defend against cyber breaches and detect and recover from cyber-attacks. The rules shall include the Board's plan to allocate any resources received in accordance with the Help America Vote Act of 2002 (HAVA) Pub. L. No. 107252, 116 Stat. 1666 (codified at 42 USC 15301 et seq. (2002)) and provide that no less than half of any funds received shall be allocated to the Cyber Navigator Program. The Cyber Navigator Program will be designed to provide equal support to all election authorities, with allowable modifications based on need. The remaining half of the Help America Vote Act funds shall be distributed as the State Board of Elections may determine, but no grants may be made to election authorities that do not participate in the Cyber Navigator Program. (Section 1A-55 of the Code)


b) Definitions


"Board" − The Illinois State Board of Elections.


"Code" − The Illinois Election Code [10 ILCS 5].


"Compromised" − The state in which a computer system, network, or data has had its integrity, availability, or confidentiality undermined by an attacker.


"Cyber" − Of, relating to, or involving computers or computer networks (such as the internet).


"Cyber Navigator" − Cybersecurity personnel directed by the State to enhance the cybersecurity posture of election jurisdictions.


"Cybersecurity" − The activity, process, ability, capability, or state by which information and communications systems and the information contained in those systems are protected from, and/or defended against, damage, unauthorized use or modification, or exploitation.


"Cybersecurity Posture" − Overall cyber security strength, particularly as it relates to the internet and vulnerability to outside threats.


"Database" − A structured set of data held in a computer, especially one that is accessible in various ways.


"Department of Innovation and Technology" or "DoIT" − The State agency with responsibility for the information technology (IT) functions of agencies under the jurisdiction of the Governor. This term also includes the agency tasked with managing the Illinois Century Network.


"EI-ISAC" − The Elections Infrastructure Information Sharing and Analysis Center.


"Illinois Century Network" or "ICN" − A service that creates and maintains high speed telecommunications networks providing communication links to and among Illinois schools, institutions of higher education, libraries, museums, research institutions, State agencies, units of local government, and other local entities providing services to Illinois citizens.


"MS-ISAC" − The Multi-State Information Sharing and Analysis Center.


"Phishing" − The fraudulent attempt to obtain sensitive information such as usernames, password and credit card details, often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.


"STIC" − The Statewide Terrorism and Intelligence Center


"Spear-phishing" − A more targeted form of phishing in which attackers first gain knowledge of their intended target and in which the intended target is a small group or individual.


"Whitelist" − A list of items that are granted access to a certain system or protocol. When a whitelist is used, all entities are denied access, except those included in the whitelist.


c) The Board will use no less than half of the funds from the 2018 HAVA Election Security Grant to implement the Cyber Navigator Program as provided in this Part.


Section 213.20 Infrastructure Illinois Century Network (ICN) Connectivity


a) The Board will modify the Statewide voter registration database, including the electronic canvas transmissions, to allow for connection from local election jurisdictions via an ICN established internal network.


1) The Board will make a reasonable effort for all direct connectivity to the Board's Statewide registration database to be from known whitelisted IP addresses.


2) Once all jurisdictions are connected via the ICN, the Board will require all system traffic between the election jurisdiction and the Board to use private IP addressing.


b) Each election jurisdiction participating in the Cyber Navigator Program shall connect to the Board's Statewide voter registration database via the ICN or shall enter into an agreement to connect via the ICN as soon as practicable.


c) The Board will take the appropriate steps to establish an Interagency Agreement with DoIT to provide the election jurisdictions access to a reliable ICN connection, for the purposes outlined in this Section.


d) The Board shall take all reasonable steps to have DoIT provide such protective services as listed below to each election authority's connection on the ICN.


1) A firewall shall be configured such that it provides protections for the election authority's connection through the ICN.


2) Software shall be installed to provide protection against attempted Distributed Denial of Service Attacks (DDoS).


3) Election jurisdiction connections on the ICN shall be eligible to receive DoIT's Security Operation Center (SOC) 24/7 monitoring.


4) Election jurisdiction connections shall have Albert Sensor, or comparable device, intrusion detection.


Section 213.30 Outreach − Cyber Security Information Sharing


The Board shall establish an Interagency Agreement with the Illinois State Police's Statewide Terrorism and Intelligence Center (STIC) to develop a cyber security outreach and/or awareness program. The Interagency Agreement shall include the following:


a) The Board shall hire at least one individual as the Program Manager and he/she shall:


1) Work with the Cyber Navigators to compile relative information for distribution to all affected parties.


2) Be assigned to STIC as the coordinator for conducting outreach to county election officials and election boards in the State of Illinois.


3) Contact or meet each county election official and election board commission staff. The Program Manager shall use already established professional associations and networks to facilitate the communication.


4) Identify the election official and person in charge of IT in each county and shall also identify the election board commissioners' person in charge of IT.


5) Process applications for those who have a "need to know" to receive information classified as For Official Use Only. The Program Manager shall maintain a database of these persons.


6) Disseminate information on "best practices" identified by DoIT or the Cyber Navigators to each county election official and election board or commission staff.


7) Share cyber-related information with the county election officials, election boards, and those in charge of the IT of those officials/boards/commissions. This information will come from a variety of sources, including, but not limited to: FBI, Department of Homeland Security, MS-ISAC, STIC. The Program Manager shall identify the official's/board's/commission's information needs and ensure these requirements are being met.


8) On a daily basis, research and gather information pertinent to cyber attacks and cyber resiliency. The Program Manager shall disseminate information daily by e-mail to vetted partners and produce intelligence notes based on information received from program participants by researching, validating, and analyzing the data.


9) Serve as a resource to assist county election officials and election boards with information on who to contact (e.g., STIC, FBI, DHS, MS-ISAC, DoIT, and the Illinois National Guard) regarding response to cyber attacks. STIC already has relationships with these entities.


10) Facilitate training webinars and conferences for information sharing.


11) Provide routine administrative updates to the Board and produce an annual report assessing the effectiveness of the program.


12) Be responsible for maturing the program.


13) Oversee security awareness training for election authorities and their staff.


b) Participants in the Cyber Navigator Program shall at least once per calendar year complete an online security awareness training on common areas of vulnerabilities, including spear-phishing and phishing assessments.


c) Data Sharing Related to a Known Compromise of an Election System


1) Election authorities shall notify the Board as soon as reasonably possible in the event of a security compromise related to any of their election systems.


2) The Board shall notify all election authorities as soon as reasonably possible in the event of a security compromise related to the Board's statewide registration database.


Section 213.40 Personnel − Cyber Navigators


a) The Board shall take steps to pursue entering into an interagency agreement with DoIT to provide cyber security personnel resources for an election jurisdiction cyber assistance program. These personnel will be known as Cyber Navigators and they:


1) shall work to increase election jurisdictions' cyber security posture;


2) analyze system and network documentation for accuracy;


3) recommend that software updates and patches are regularly applied to information systems;


4) make recommendations for secure e-mail accounts and best practices regarding these accounts;


5) provide guidance for anti-malware tools and their deployment on both servers and workstations;


6) perform risk assessments for each election jurisdiction;


7) assist jurisdictions and/or their IT departments with assessing their systems based on the Center for Internet Security's recommended procedures.


b) The proposed interagency agreement will direct DoIT to provide 9 Cyber Navigators on a personal services contract basis for an initial 12 month "startup" phase. The ongoing need will be evaluated as the program matures. The Board shall pay the associated costs (payroll, travel, etc.) using 2018 HAVA Election Security Grant funds, if available. The duties of these individuals is outlined in subsection (a).


Section 213.50 Participation in Cyber Navigator Program


In order for an election authority to be eligible for funds from the 2018 HAVA Election Security Grant, the jurisdiction must participate in the Cyber Navigator Program. Election authorities participating in the Cyber Navigator Program shall submit a completed Certification of Participation in the program that must be received by the Board no later than March 15, 2019 to be eligible for funds from the 2018 HAVA Election Security Grant.


a) Election Authority Minimum Requirements


1) The election authority must utilize the ICN for connectivity to the Board as outlined in this Part or enter into an agreement to do so as soon as practicable.


2) The election authority must participate in the outreach portion of the program, including:


A) Register with at least the Election Infrastructure EI-ISAC;


B) Work with the Program Manager to establish two-way data sharing; and


C) At least one designee from the election authority shall complete the security awareness training on at least a yearly basis as outlined in Section 213.30(b).


3) The election authority shall allow the Cyber Navigators to complete a risk assessment and an analysis against the Center for Internet Security's recommended procedures.


b) Program Manager/Cyber Navigator Requirements


1) The Program Manager shall provide in writing to the Board verification for each election authority that has met its requirements as outlined in subsection (a).


2) The Cyber Navigator shall provide in writing to the Program Manager verification for each election authority under review by that Navigator that has met the requirements outlined in subsection (a)(3).