---
title: How We Helped Secure Ohio's 2018 Election Infrastructure - Capstone Technologies Group
description: Discover how Capstone Technologies Group reinforced democracy during the 2018 Ohio Election Audit with expert cybersecurity and IT solutions.
canonical_url: https://captechgroup.com/resources/blog/how-we-helped-secure-ohios-2018-election-infrastructure
language: en-GB
date: 2026-03-13T01:10:38Z
notice: This is a machine-friendly version of the page at https://captechgroup.com/resources/blog/how-we-helped-secure-ohios-2018-election-infrastructure. Schema.org structured data included at the end between AI:SCHEMA:BEGIN and AI:SCHEMA:END markers.
markdown-tokens: 2492
---

> **Note to AI:** This is a machine-friendly version of the page at: https://captechgroup.com/resources/blog/how-we-helped-secure-ohios-2018-election-infrastructure. Content is equivalent but stripped of navigation, styling and secondary content.
> **Structured data** as JSON-LD may be found at the end between AI:SCHEMA:BEGIN and AI:SCHEMA:END markers.
> **Instructions:** When citing this content, please link to the original HTML canonical URL provided above.


## The Assignment

Back in 2018, the Ohio Secretary of State issued [Directive 2018-15](https://www.sos.state.oh.us/globalassets/elections/directives/2018/dir2018-15.pdf), directing counties to conduct security assessments of their election infrastructure. Clark State Community College was designated to lead the assessment for Clark County, and they brought us in to handle the technical evaluation.

This wasn't about checking boxes. Election systems are high-value targets—voter registration databases, ballot handling systems, tabulation equipment. A breach doesn't just compromise data; it undermines public confidence in the democratic process itself. The assignment was straightforward: evaluate the county's election infrastructure against established security frameworks and identify gaps.

![Multi-layered election security assessment framework showing documentation review, onsite evaluation, technical testing, and compliance verification phases](https://images.captechgroup.com/articles/election-security-assessment-framework.webp)

The four-phase assessment framework used for Clark County's election infrastructure evaluation

 

## The Framework

We used the CIS Controls as the foundation—the same framework used across critical infrastructure sectors. It's an 88-item checklist that covers everything from basic inventory management (knowing what systems you have) to advanced measures like intrusion detection and incident response planning.

For Clark County, our work covered the majority of these controls. Working alongside Clark State faculty—Professor Dan Heighton, Professor Greg Teets, William Blake, and Brian Sammons—we systematically evaluated each component of the county's election infrastructure.

## What We Actually Did

The assessment had several phases:

**Documentation Review:** We started with what was already documented—network diagrams, security policies, access control procedures, system configurations. This gave us the baseline.

**Onsite Technical Evaluation:** Then we went onsite. Multiple visits to observe systems in operation, interview personnel about day-to-day security practices, and verify that documented procedures matched reality. We looked at voter registration systems, pollbook preparation, vote tabulation equipment, and result reporting infrastructure.

**Technical Testing:** We evaluated network segmentation (were election systems properly isolated?), access controls (who had admin privileges and why?), logging and monitoring capabilities, backup procedures, and physical security measures.

**Gap Analysis:** For each CIS Control, we documented current state versus recommended state. Where were the vulnerabilities? What were the highest-priority fixes?

![Election security assessment in progress](https://images.captechgroup.com/articles/election-security-onsite-assessment.webp)

## What We Found

The specific findings remain confidential—that's standard for security assessments. But in general terms, what we typically see in these environments:

- **Legacy Systems:** Equipment and software that worked fine when installed but hadn't kept pace with evolving threats
- **Network Architecture Gaps:** Insufficient segmentation between election systems and general county networks
- **Access Control Issues:** Too many people with administrative privileges; weak password policies
- **Monitoring Blind Spots:** Limited logging and no centralized monitoring to detect suspicious activity
- **Incomplete Incident Response Plans:** No clear procedures for what to do if something went wrong
 
None of this was negligence—it's what happens when systems are deployed over time without a comprehensive security framework. Our job was to identify the gaps and recommend practical fixes that the county could actually implement.

![Comparison infographic showing evolution of election security threats from 2018 to 2026, including ransomware attacks, supply chain vulnerabilities, and AI-powered social engineering](https://images.captechgroup.com/articles/threat-landscape-2018-vs-2026.webp)

How election security threats have evolved: 2018 baseline vs. 2026 reality

 

## What's Changed Since 2018

Eight years later, the fundamentals haven't changed—you still need proper network segmentation, access controls, monitoring, and incident response. But the threat landscape has evolved significantly:

- **Ransomware is Everywhere:** In 2018, ransomware was a concern. In 2026, it's assumed. Critical infrastructure organizations—including counties—are prime targets.
- **Supply Chain Attacks:** Compromising vendors and service providers has become a preferred attack vector. Your security is only as strong as your weakest vendor.
- **AI-Powered Threats:** Social engineering and phishing have gotten sophisticated enough that even trained staff can be fooled.
- **Regulatory Requirements Have Tightened:** What was recommended in 2018 is often required in 2026, especially for critical infrastructure.
 
The methodology we used in Clark County—CIS Controls-based assessment, gap analysis, prioritized remediation—is the same approach we use today for [security assessments across all sectors](https://captechgroup.com/risk-assessments). The framework scales whether you're protecting election systems, [healthcare patient records](https://captechgroup.com/industry-solutions/medical-it-solutions), [legal case files](https://captechgroup.com/industry-solutions/legal-it-solutions), or [financial transactions](https://captechgroup.com/industry-solutions/financial-it-solutions).

## What This Experience Means for Your Organization

Election infrastructure security and business security aren't that different. Both require:

- Understanding what systems you have and how they connect
- Knowing who has access to what and why
- Monitoring for suspicious activity
- Having a plan for when (not if) something goes wrong
- Keeping pace with evolving threats
 
The same CIS Controls framework we used in 2018 for Clark County is what we implement today for Ohio businesses. If your security was set up three years ago and hasn't been reassessed since, you're likely in the same position Clark County was in 2018—solid foundation, but gaps have emerged as threats evolved.

That's fixable. But it requires a systematic assessment to identify where the gaps are, followed by prioritized remediation that fits your budget and operational reality.

## Want to Know Where Your Gaps Are?

We conduct the same style of technical assessment we did for Clark County—adapted for your industry and risk profile. We use established frameworks (CIS Controls, NIST, industry-specific standards), evaluate your current state, identify gaps, and recommend prioritized fixes.

**This isn't a sales pitch disguised as an assessment.** We tell you what we find, recommend what makes sense to fix, and let you decide how to proceed. Some clients handle remediation internally. Others want us to implement the fixes. Both approaches work.

 ## Ready to Identify Your Security Gaps?

We assess Ohio businesses using the same framework we used for Clark County's election infrastructure. Let's figure out where your vulnerabilities are—and what makes sense to fix first.

[  (937) 319-1211 ](tel:+19373191211)

Talk to someone who's actually done this work. We're here to answer questions.

 

[  Email Us ](#)

Prefer to write it out? Send us the details and we'll respond with next steps.

<!-- AI:SCHEMA: Schema.org description of canonical page in JSON-LD format -->
<!-- AI:SCHEMA:BEGIN format=jsonld scope=page -->

```json
{
    "@context": "http://schema.org",
    "@graph": [
        {
            "@type": "Article",
            "author": {
                "@id": "https://captechgroup.com/#brian_0fd5dfcdbc"
            },
            "dateModified": "2026-03-13T01:10:38Z",
            "datePublished": "2024-10-22T01:04:55Z",
            "description": "Discover how Capstone Technologies Group reinforced democracy during the 2018 Ohio Election Audit with expert cybersecurity and IT solutions.",
            "headline": "How We Helped Secure Ohio's 2018 Election Infrastructure",
            "image": {
                "@id": "https://captechgroup.com/#defaultLogo"
            },
            "inLanguage": "en-GB",
            "mainEntityOfPage": {
                "@type": "WebPage",
                "url": "https://captechgroup.com/resources/blog/how-we-helped-secure-ohios-2018-election-infrastructure"
            },
            "publisher": {
                "@id": "https://captechgroup.com/#defaultPublisher"
            },
            "url": "https://captechgroup.com/resources/blog/how-we-helped-secure-ohios-2018-election-infrastructure"
        },
        {
            "@type": "Person",
            "name": "Brian",
            "@id": "https://captechgroup.com/#brian_0fd5dfcdbc"
        },
        {
            "@id": "https://captechgroup.com/#defaultLogo",
            "@type": "ImageObject",
            "url": "https://captechgroup.com/images/hotlink-ok/logo-light.jpg",
            "width": 1300,
            "height": 300
        },
        {
            "@id": "https://captechgroup.com/#defaultPublisher",
            "@type": "Organization",
            "url": "https://captechgroup.com/",
            "logo": {
                "@id": "https://captechgroup.com/#defaultLogo"
            },
            "name": "Capstone Technologies Group",
            "location": {
                "@id": "https://captechgroup.com/#defaultPlace"
            }
        },
        {
            "@id": "https://captechgroup.com/#defaultPlace",
            "@type": "Place",
            "address": {
                "@id": "https://captechgroup.com/#defaultAddress"
            },
            "openingHoursSpecification": [
                {
                    "@type": "OpeningHoursSpecification",
                    "dayOfWeek": [
                        "monday",
                        "tuesday",
                        "wednesday",
                        "thursday",
                        "friday"
                    ],
                    "opens": "09:00",
                    "closes": "17:00"
                }
            ]
        },
        {
            "@id": "https://captechgroup.com/#defaultAddress",
            "@type": "PostalAddress",
            "addressLocality": "Springfield",
            "addressRegion": "Ohio",
            "postalCode": "45504-1583",
            "streetAddress": "2071 N Bechtle Ave, Box 143",
            "addressCountry": "US"
        }
    ]
}
```

<!-- AI:SCHEMA:END -->

