How to consider disinformation risks in election security

Officials in Maricopa, the fourth most populous county in the U.S., have been the target of numerous threats related to the 2020 election, and those threats continue. The county has created a risk framework that combines traditional cybersecurity structures like NIST and FAIR with real-world assessments to address both digital and physical threats from traditional and social media, Godsey said. He said Maricopa County combines frameworks, tools and threat intelligence to examine digital systems as well as physical and reputational risks (see: Social media and the threat to cybersecurity).

“Some of our elected officials have received so many credible threats that they have had to hire physical security services to protect themselves and their families,” he said. “As a cybersecurity team, we have found that we don’t really want to deal with mitigating physical or kinetic risks, but as we collect threat intelligence, we have seen evidence of potential risks that have nothing to do with cyber risk.”

In this video interview with Information Security Media Group at Black Hat 2024, Godsey also discussed:

• Challenges in quantifying the reputational and physical risks posed by social media;
• The connection between disinformation and physical threats to poll workers;
• For example, Maricopa County is working with federal agencies to respond to new threats.

Godsey has led all cybersecurity and data privacy efforts for Maricopa County since 2019. Prior to that, he worked for the City of Mesa, Arizona, for nine years, most recently as CISO/CPO. He has more than 25 years of IT experience in higher education and local government and has spoken at local, state and national conferences on topics ranging from telecommunications to project management to cybersecurity and data.