[Image via fedscoop]

Florida’s Pasco County announced that it has moved its election website to a “dot-gov” address – a move that federal officials are urging local governments to take in order to enhance the security of their websites. The Tampa Bay Reporter has the news from Pasco:

Brian E. Corley, Pasco County’s supervisor of elections, said his office has converted its website from a  dot-com to a dot-gov internet address.

PascoVotes.gov continues to offer a streamlined design, enhanced functionality, and useful resources to better serve Pasco voters in a secure environment, Corley said.

As more people use their mobile devices to access information, the elections office recognized the need to provide a responsive and secure website. Visitors to PascoVotes.gov can get voting and election information quickly and easily from any device they choose. They can get information on how to register to vote, make address or name changes, update their signatures, and much more.

The elections office said it is committed to providing Pasco County voters with fair, secure, and transparent elections. As the trusted source for voting information, PascoVotes.gov is simply one more way to connect with voters and provide them with relevant news and tools.

“Elections security continues to be at the forefront in all that we do, which is why we secured the PascoVotes.gov domain”, Corley said. “Only official U.S. government websites have addresses that end in .gov. Through this and other security enhancements, PascoVotes.gov is more secure against DNS hijacking or website spoofing.”

NPR’s Miles Parks has an article about the national push for dot-gov:

Local governments across the United States could perform a simple upgrade to strengthen voters’ confidence that they are what they say they are: use websites that end in .gov.

Federal officials control the keys to the “.gov” top-level domain, making it less likely that somebody could get one fraudulently and use it to fool people.

Domains that end in .com or .org, meanwhile, could be set up by attackers to try to intercept users seeking information from real sources.

But with an uneven appreciation across the country about the way a fake website could deceive users, and with little guidance from officialdom about what to do, many counties aren’t taking that step, cyberspecialists say.

That push has yet to gain much traction:

A McAfee analysis found that 95% of counties in Texas and Minnesota, 91% of counties in Michigan and 90% of counties in New Hampshire aren’t using .gov addresses.

An NPR analysis of counties in Iowa, where voters are set to take part in the first-in-the-nation primary caucuses on Monday, found just nine of 99 counties using .gov addresses.

Federal cybersecurity officials point out the value of dot-gov in combating potential misinformation campaigns:

“One of the effective ways we think to counter disinformation campaigns is to have highly visible, credible and trustworthy sources of information,” says Chris Krebs, the director of the Cybersecurity and Infrastructure Security Agency within the Department of Homeland Security.

Cybersecurity experts as well as federal government officials say having the entire government system — from localities to states to the federal government — all using .gov addresses would make it simple for people to know immediately that the website they’re reading is to be trusted.

“Dot-gov is an authoritative message,” Krebs says. “It says this is, in fact, government.”

One value of dot-gov is heightened protection against “spoofing” of email addresses:

Experts also say not having a consistent domain name structure for local governments makes it harder for them to communicate with each other.

Leading up to the 2016 election, attackers used email addresses that mimicked real addresses within the elections world to try to entice local officials to click on links.

Dot-gov addresses are harder to spoof than dot-coms or dot-orgs, so phishing attacks like this would be harder to pull off if official websites were uniform.

Federal officials are looking to boost awareness of dot-gov – and could get some assistance from Congress:

The biggest reason more counties don’t use the .gov infrastructure is a lack of communication from the federal government, officials, including Krebs, told NPR.

Basically, many local election leaders don’t know it matters…

That’s not surprising, says Andrea Limbago, the chief social scientist at the cybersecurity company Virtru. She says that local officials have many disparate roles, and thinking about how their websites fit into the broader information landscape of America isn’t usually at the top of the list.

“To assume that county officials have the full knowledge to be cybersecurity experts, I think it’s unfair to expect that of them,” Limbago says. “We don’t really provide them a lot of the tools that are necessary.”

A bill currently in committee in Congress would make .gov domain names available to local governments at “no cost or negligible cost.”

If passed, it would also move responsibility for the domain program and the outreach about that domain program from the General Services Administration to Krebs’ agency in DHS.

“There’s an awareness gap,” Krebs says. “We need to do a better job of going out there and helping state and local partners know that this is something available to them.”

The push for dot-gov is just one of may approaches to election security – but it’s one that could simplify the task of separating official sites from potentially misleading ones. Kudos to Pasco County for making the switch – and here’s oping more jurisdictions get the word in 2020 and beyond. Stay tuned…

Posted in Uncategorized and tagged