The School of Public Policy's Center for Public Policy and Private Enterprise just received a project grant from the Democracy Fund to study how cybersecurity best practices can be adapted to enhance the resilience of the State of Maryland'selection systems. Leveraging best practices and innovations developed in established critical infrastructures, this study will make recommendations on how best to enhance state elections cyber risk management, and identify areas where federal assistance to the states should be targeted. Using the context of the State of Maryland's already proactive electoral process management approach, the project will identify both practical and cost-effective solutions for election system cyber risk management. Through our research, we aspire to provide solutions that can be applied to other jurisdictions. In doing so, the study will analyze both the technological and organizational aspects of the election systems critical infrastructure. We will work in partnership with officials at the Maryland State Board of Elections, who possess the expert knowledge of election administration, and implementation of commonly suggested "solutions" to critical election system vulnerabilities.
The principal investigator for this study is Dr. David Mussington, Professor of the Practice and Director of UMD's Center for Public Policy and Private Enterprise (CPPPE – the Center). Dr. Mussington has over 2 decades of experience analyzing homeland security, critical infrastructure protection and cybersecurity issues. Dr. Mussington was previously Senior Advisor for Cyber Policy at the Office of the Secretary of Defense, and served on the Obama Administration National Security Council (NSC) staff as Director of Surface Transportation Security Policy. Possessing experience in the public and private sectors, he has worked as a consultant to federal agencies, financial institutions, and served as Chief of Corporate Security at the National Railroad Passenger Corporation (Amtrak).
Cybersecurity is a key element of the Center's research agenda. In both defense and non-defense environments, CPPPE research seeks to define and clarify mechanisms that enhance and accelerate the deployment of critical infrastructure cybersecurity risk management solutions, but also to facilitate dialogue both domestically and internationally on norms of cyber interaction in both the economic and national security domains, and between the public and private sector. By focusing on interdependencies among stakeholders, CPPPE seeks to facilitate sharing of insights and information, and to hasten the identification and deployment of best practice solutions to some of the most significant policy problems confronting stakeholders.