‘When we work with these jurisdictions, it’s not as if they are implementing protections for the first time, which in previous years is what happened. We don’t have that anymore,” Kris Lovejoy, leader of Kyndryl’s global security and resilience practice, tells CRN.

For giant solutions and services provider Kyndryl, working with US jurisdictions on security for the 2024 elections has been a smoother process than in previous years for a very good reason: “There is a lot more awareness.”

This is according to Kris Lovejoy, security and resilience global practice leader at New York-based Kyndryl, No. 9 on CRN. Solution Provider 500 by 2024. Lovejoy recently spoke with CRN about how Kyndryl has been helping to bolster election security in numerous U.S. jurisdictions, focusing on strengthening controls used to protect voting systems.

(Related: Kyndryl builds 6,000-person Google Cloud army to power AI)

Lovejoy said there is no doubt that election security is in a strong position in the run-up to the crucial Nov. 5 election. While there is no denying that there is “a lot of complexity” when it comes to the different US election systems, the high level of awareness about election cyber threats has led jurisdictions to work vigorously to identify and fill the gaps. security gaps in preparation. to vote on Tuesday, he said.

“When we work with these jurisdictions, it’s not like they’re putting protections in place for the first time, which in previous years was that,” Lovejoy said. “We don’t have that anymore.”

The bottom line, according to Lovejoy, is that “we’re in a much better place than we were before.”

“I think you’d be hard-pressed to find a jurisdiction that didn’t take (security) seriously,” he said.

Here’s more from CRN’s interview with Lovejoy.

What is the opportunity for Kyndryl when it comes to election security? What are the most important things you’ve been doing for clients in this area?

There are three large areas. One is in the voting machines themselves and in the software and hardware associated with those technologies. What we found is that, honestly, a lot of these voting systems can be quite old. And sometimes the lack of modern security features makes them potentially more susceptible to hacking and tampering. So I would say that, first and foremost, it is about modernization.

When modernization is not possible (the institution still has a lot of legacy (equipment)), these are actually compensatory controls that can be introduced to protect the systems themselves. Or alternatively, if they leverage cloud infrastructure to support voter lists, voting, etc., then it’s really about looking at that cloud infrastructure and then figuring out how we can underpin it.

Going back to the legacy aspect of voting systems, what we’re seeing is that some election systems will actually take legacy software and put it in a container in the cloud. And then they take it out of the cloud. That is not modernizing. You still have legacy stuff, but now you have the added complexity of managing the cloud security around it. So what we are finding is a lot of (demand to) come and help (electoral systems) reinforce preventive controls, as well as the elements of detection-response and then recovery of those infrastructures.

A second big area for us is supply chain: the supply chain for election equipment and the software used to manage the equipment. That needs to be managed very carefully to prevent vulnerabilities, as well as to ensure that you know when those vulnerabilities are being exploited deliberately or inadvertently and that there is that mechanism to check and remediate it.

Then there are also the logistics systems. You also need to make sure your software and vendors are doing what they need to. Therefore, we also work around logistics applications and make sure they work.

Last but not least is the physical security piece. One of the things that people are most concerned about is the data center that hosts the election results or does the election processing. And so we work with clients in and around that particular area, making sure that they have a good data center security design and that things are protected the way they need to be.

Do you think one of those areas is a greater priority or focus for electoral organizations in 2024 than in previous elections?

There is much more awareness. So that’s good. However, the reality we are finding is that there is a lot of complexity. Therefore, there is no standardization throughout the electoral system. Each jurisdiction has designed its own approach. There is no issue (for investments in electoral security) because there is no single system, there is no single configuration. It’s just a very organically grown ecosystem. When we work with these jurisdictions, it is not as if they are implementing protections for the first time, which in previous years is what happened. We don’t have that anymore. Now it’s really about (the fact that) these organizations have identified through active testing that there may be some gaps. And they are using us to fill those gaps. But as I said, leading up to this particular election season, there has been nothing that I would say is omnipresent.

Given the increased level of awareness you mentioned, do you have any sense of the level of investment being higher when it comes to modernization in this election?

If there have been investments, it has been in the front part of the system, that is, in the management of the voter registry. So if something is being modernized, I would say it is being modernized there.

There is a lot of fear and consternation around current voting systems: what types of systems can be trusted? What does good software and hardware look like? It seems to me that the modernization of the voting machinery (the software and hardware that actually counts the votes) has slowed down a bit to some extent. At least from what we see. We are more focused on electoral rolls, securing them and guaranteeing limited access to those rolls. That’s the focus.

We need to be very attentive to the electoral system, as we do with water, public services and energy generation. And I would say we are in a much better place than before. But today there is a lot of misinformation and disinformation, which makes people distrust the (election) program. And I think that’s unfortunate.

Ultimately, do you get the sense that most jurisdictions are doing the right things when it comes to election security and making the right investments there?

We don’t work with all of them, so it would be difficult for me to answer that question. But I think you’d be hard-pressed to find a jurisdiction that didn’t take it seriously.