Elections Crisis Communications Checklist
A cyber crisis has the potential to cast a negative light on the [CHIEF ELECTION OFFICIAL] or a local county elections office—as well as to undermine faith in the elections system. If you are uncertain whether a situation could escalate into a crisis, err on the side of standing up response teams, because you can always stand down if the incident does not escalate. (Consult [JURISDICTION’S]—Continuity of Operations Plan—in crises that impact operations.)
The checklists below can be adapted to your jurisdiction’s processes. They provide guidance on actions to be taken in the lead up to, and days following, a cyber incident. Action: Once a cyber crisis becomes public
Action: Before a cyber crisis
Identify office protocol and a crisis communications team. (Should include IT).
Create a list of terms with common nomenclature for use by all stakeholders.
Set an internal communication plan with elections staff. (How often, when, and where will all staff meet? Information must travel up and down the chain of command with clear boundaries for dissemination and interfacing with the public/media.)
Ensure that all stakeholders can be reached in a crisis without access to the [CHIEF ELECTION OFFICIAL] network or smart phones.
Craft communications materials that can be used in a potential cyber incident. For examples, elections officials may request sample materials from the National Association of Secretaries of State, the National Association of State Election Directors, or the U.S. Election Assistance Commission.)
Ensure that staff understand their role in a cyber incident. For those who do not have a specific task to carry out, reassure them that their work is important and inform them how they can continue doing their jobs while designated managers handle the cyber incident.
Ensure that communications plans can be accessed and are regularly updated.
Action: Before a cyber crisis becomes public
Obtain technical briefing. (Assess and verify all information.)