INTRODUCTION
Cybersecurity is evolving as critical, challenging aspects of the information age with
implications for state security, global legal frameworks, human rights, civil authorities, and
the economy. However, the governments have been aware of the challenges posed by cyber
insecurity since the evolvement of internet technology. Difficulties in addressing the matter
have dramatically increased rather than declining (Gaidosch, 2019). As a result, governments
have established cybersecurity approaches to help fight cybersecurity threats. The PPP,
commonly known as Public-Private Partnerships, is a long-term agreement between a
government unit and a private party to improve public service. The government makes the
contract on the stake of a public asset or service, and the private entity takes a considerable
risk and management responsibility. Public-private partnerships are not treated as service
projects; hence they are not be classified as public procurement projects or private sector-
owned property (Deloitte, 2021). Cybersecurity is the most challenging national security
issue in the U.S. struggles for the integrity of elections are rapidly waged in cyberspace. One
little defect in technology or its implementation endangers an election.
Public policy is an integral approach to a perceived issue affecting a country or a
particular group. The procedure takes a series of political steps, adopted, executed, and
imposed by the public agency to mitigate the problem. Public policy development is an
analytical process that starts with the occurrence and observation of the problem, which
requires consideration by the affected parties (Knill & Tosun, 2008). The process requires
detailed research and evaluation to identify the risks and the cause of the issue.
Collaboration between government bodies and various stakeholders is prominent to select
and devise practical policy solutions. To ensure accuracy and prevent additional risks, the
policies implemented for the issue are monitored, evaluated to ensure they meet
requirements and complement the intended purpose. Lessons learned from one policy's
failures are implemented into newly formed policies to eradicate the policy problems.
The policies used in cooperation between federal, state, and local governments and private
units are developed using seven stages:
1. Identification and definition.
ELECTION SYSTEMS CYBERSECURITY 3
For the researchers to develop policy solutions, they must first identify the nature of the
problem, views framed by political agendas, academic orientation, ideology, or dominant
societal norms and values.
2. Policy research and analysis
The stage is the backbone of policy development which entails gathering and presenting
information for analysis. The analysis is ideal for identifying the available policy solutions for
the problem. The policy solutions supported by policymakers are evidence-based, making
this stage the most vital.
3. Policy Solutions and alternatives.
Various solutions are available for mitigating the problem. It is essential for the
instruments chosen to impact the scale of the situation positively and cantered within the
societal and cultural backgrounds of occurrence. Potential viability is dependant on the level
of policy response time, political realities, and public or private tolerance risks.
4. Consultation
Policy professionals focus on consultation to research and determine policy alternatives'
extensions and identifications. The stage allows parties involved, including public, private,
local, and voluntary, to discuss the government's solutions towards mitigating the problem
(Knill & Tosun, 2008). Governments have the opportunity to consistently align their policies
with election platforms, which frameworks their position and determination on different
public policy matters.
5. Developing Policy Proposals
Policy proposals consist of a written outline of the policy's basis and the evidence
supporting the policy solutions. Various strategies to address the issue are outlined, and a
central recommended policy solution is clearly illustrated.
6. Policy Implementation
According to Theodoulou and Kofinis (2004), applying a policy is impacted by three
principles: clarity of policy goals, information intelligence, and strategic planning. In this
stage, policy actions take effect to address the documented policy problem
ELECTION SYSTEMS CYBERSECURITY 4
7. Policy Monitoring and Evaluation
The government and its people have the authority to know if the policy solution works
as intended and delivers the best solutions or services value for money. Evaluation entails
creating information on the succession and the reasons for implementing the implemented
policy. The findings collected can be enhanced to provide the best policy solutions for other
problems.
Policy creation occurs in various social, political, economic, and cultural contexts
depending on the type of problem to be solved and often affects how policies are developed
and enforced. Sometimes, issues need more than one policy strategy. Utilizing the 6 P's
approach and related tools can determine the aspects of policy or process required to solve
the underlying issue (Knill & Tosun, 2008). Procedures influence other bodies, including
government election platforms, prices of goods and services, various departmental and
ministerial ideologies, legal judgments of courts, and revenue trends and expenditure. There
is 6 Ps:
Problems
These are the problems that require policy attention. Before taking any step, the
problem statement should be kept in mind. Issues are the center of policymaking.
People
ELECTION SYSTEMS CYBERSECURITY 5
It represents the people who are part of the policymaking process. It is critical to
understand the individuals involved in decision-making, including government or individual
stakeholders' institutions. Their role or place was taken by their positions inside or outside
the government.
Process
The process is the policymaking steps, including framing the underlying issue, putting
the topic under discussion to identify the possible policy solutions, and formulation the
policy.
Price Tag includes the resources that are involved in the policymaking. A policy
without resources is of no use. Hence the cost of the policy is calculated by the resources
utilized.
Paper
The paper consists of the actuals policies and laws formulated, providing further
guidelines for implementing and enforcing the suggested approach.
Programs
These include the programs essential for policy implementation and their roles in
achieving and delivering the best policy goal and objectives.
OVERVIEW OF PUBLIC-PRIVATE PARTNERSHIPS FOR ELECTIONS SYSTEMS CYBERSECURITY
Voting and integrity of the election process are vital components of the U.S and need
safety from external attacks. The attackers not only attacking the voter registration
database, instead influencing voters by using medial social platforms and in-depth fake
videos. The United States DHS, a cybersecurity agency, has collaborated with EIISAC
administered by canter for internet security to implement communications channels with
the local and state authorities and offices. According to DHS, 85% of the U.S critical
infrastructure is owned by the private sector, including communication, banking and
finance, electric power grids, and healthcare Choate & Smith, 2020). A sophisticated array of
security threats impacts the everyday improvement of technology. Public-private
partnership is a cornerstone to solve the issues based upon risk management contexts.
ELECTION SYSTEMS CYBERSECURITY 6
Collaboration and commitment from the parties are critical to utilize risk management
approaches and formulate resiliency plans. The companies contribute different activities:
Information sharing: the private sector has a tremendous amount of information not
accessed by government bodies. Therefore, the efforts to detect and prevent cybersecurity
risks are hampered by information's inaccessibility. Also, the private sector lacks the
accessibility to government intelligence collected information crucial for their decision
making. Therefore, sharing information is one of the activities aimed at creating massive
information analysis to eliminate national security threats (Germano, 2014). For instance, a
private party may have specific information concerning a particular political party. Still, since
it is responsible for safeguarding its user data, the data ends up unreleased, resulting in a
flawed electoral process. Sharing information is critical for getting the full picture in fighting
against attacks.
Development of threat intelligence: The party holding the political party information
can quickly identify threats to the current campaign. The data can then be utilized to
determine the cybersecurity attacks affecting their electoral processes. Using intelligence
devices, the PPP can provide collective relevant information to implement policy solutions
to any attacks. For instance, a PPP with a cybersecurity company can quickly determine the
threats and provide solutions to eliminate the attacks, including fraud to vote counts.
Development of risk profiles: – Risk profile development is the risk assessment that
involves various questions, including taking financial and reputational outcomes and
mapping into multiple resources and assurance requirements of each resource. Security risk
profiles are essential to determine the sensitivity and resource criticality (Germano, 2014).
The companies can ensure the online election is protected and information regarding the
election results is safe from any threats.
AN ANALYSIS OF WHETHER PARTICIPATION IN A PUBLIC-PRIVATE PARTNERSHIP IN THE
AREA OF ELECTIONS SECURITY IS LIKELY TO HAVE BENEFITS FOR BUSINESSES
The public-private partnerships can have several benefits for businesses by providing
better infrastructure and performance in terms of completion time and the associated
profits. PPP tends to provide the resources at a better value for money. The private
ELECTION SYSTEMS CYBERSECURITY 7
counterparts handle the operational execution risks, which are cost-effective. PPP increases
the government's investment in the private sector, enabling growth and recognition of
private sectors in the economy. The shared value reduces government and private sector
spending, minimizing costs, and the government can utilize funds in other projects
(Worldbank, 2021). High-quality standards are maintained throughout as the functionality is
monitored. Public-private partnerships have an incredible view of businesses' global
operations and a deep understanding concerning potential threats. Information sharing
with private companies such as cybersecurity firms can easily detect potential threats and
provide possible strategies to prevent election threats. Private companies are likely to have
more expertise in managing data relating to a specific project from which the government
can take advantage.
Every action has consequences, and PPP has risks concerned with its collaboration,
including access to sensitive data by the private sector, which increases its exposure to
insider attackers. Building trust among the parties is difficult for the process to be accurate.
The private sector may be attempted to sell its information to external attackers, which
imposes an inside attack. Given the long-term project, it is difficult to identify all possible
vulnerabilities during the project and issues that may arise during the development
(Gaidosch, 2019). It is complex to manage the whole system, divided between two
completely different organizations, and running a vital project like elections is a big task to
manage.
RECOMMENDATIONS OR BEST PRACTICES FOR COMPANIES
Cybersecurity companies are at the forefront of protecting business organizations
from attackers, including commodity and highly targeted state actors. These companies can
identify every single malicious activity taking place at functional systems every day. For
instance, NSA has great opportunities regarding protections, but it is only limited to a
particular specialty (Choate & Smith, 2020). DHS is specifically for critical infrastructure but
does not protect citizens at large. It is not easy for private sectors to accept governmental
offers, and sometimes it gets difficult for the parties to collaborate when there is an
underlying issue. It is essential to recognize that; the private industry is a prominent part of
the U.S defense when it comes to cybersecurity.
ELECTION SYSTEMS CYBERSECURITY 8
Since the private sector holds much user information, the stronger the security in
these organizations, the better the security of the U.S nation (Bruce Potter, 2019). If PPP is
not managed effectively by the government, it can be very hard to get value for PPPs'
money. For fiscal sustainability, PPP's are very risky, which may lead to the downgrading of
credit ratings. The recommendations for private companies before participating in public,
private partnerships for cybersecurity include making fair use of secure systems that ensure
data safety. The companies must indulge in a proper demonstration of data handling and
security features implemented in their networks.
SUMMARY OF RESEARCH AND RECOMMENDATION
In summary, public-private partnerships for election systems cybersecurity strategy
entails companies' information sharing, development of threat intelligence, and security risk
profiles (Bruce Potter, 2019). The activities aim to provide a platform for successfully
analysing the threats subject to cybersecurity risks. The public-private partnership has been
utilized as a vital mechanism through which the government mitigates the cybersecurity
threat. There exist various benefits and risks associated with public-private associations.
Some of the services include adding value to the private sector by increasing investments,
lowering spending costs for both sectors since there is sharing of prices, and trust is built
whenever a successful project is achieved. In case of any damage to private information,
the industry can lose its users leading to reputation and development decline (Gaidosch,
2019). The parties must be responsible for ensuring secure networks free from threats. The
government should be aware of the private company's rules and guidelines and incorporate
them in their terms. The government should also take crucial protective security measures
as the private company ensuring security in the election systems is preserved and guarded
against intruders or hackers. The private sector must fully demonstrate and explain its
security architecture process to the government's top authorized officials before handing
the government's service. Understanding both party's security systems is critical in saving
time during the crisis.
ELECTION SYSTEMS CYBERSECURITY 9
REFERENCES
Bruce Potter. (2019). How public-private partnerships can support election security.
https://expel.io/blog/how-public-private-partnerships-can-support-election-
security/
Choate, J., & Smith, R. (2020). Election Cybersecurity. In The Future of Election Administration (pp.
279-299). Palgrave Macmillan, Cham.
Deloitte. (2021). What are Public-private Partnerships? | Deloitte China | Real Estate.
(2021). https://www2.deloitte.com/cn/en/pages/real-estate/articles/what-is-public-
private-partnerships.html
Gaidosch, T., Adelmann, F., Morozova, A., & Wilson, C. (2019). Cybersecurity risk
supervision. Cybersecurity Risk Supervision, 2019(15), 1-55.
Germano, J. (2014). Cybersecurity Partnerships.
Knill, C., & Tosun, J. (2008). Policymaking.
https://www.policynl.ca/policydevelopment/policycycle.html
Worldbank. (2021). Government Objectives: Benefits and Risks of PPPs | Public-private
partnership. https://ppp.worldbank.org/public-private-partnership/overview/ppp-
objectives