In July, election officials across the country received a mass email from NormShield, a Virginia-based cybersecurity company few had heard of.
The company informed the officials it was about to publicly release the results of a “risk scorecard” it had generated assessing vulnerabilities in their internet-facing election systems. States could request their scorecards in advance, the company said, and join what it termed “a joint marketing and public service project.”
“NormShield is the only provider that assesses and prioritizes the risk of any organization within 60 seconds,” Chief Security Officer Bob Maley wrote. Its work would provide each state with an overview of its failures in 10 categories, all given an easy-to-understand letter grade “that can be instantly used to evaluate cyber defenses.”
Initially, most states ignored the email. Some told ProPublica they thought it was spam. Others dismissed it as a heavy-handed marketing ploy — one of dozens of such approaches states receive monthly from cybersecurity companies hoping to win government contracts.
See full story here.