Case Study: Protecting Elections and Preventing an Attack on Election Integrity Using Open Measures

TLDR

• In threat intelligence, organizations typically monitor known threat actors on an ongoing basis, a process that can be inefficient, time-consuming, and dangerous.

• We examine how a threat intelligence team accelerated and improved their workflow with Open Measures – and enabled them to prevent a planned attack against an upcoming election integrity.

The Problem

One of Open Measures’ customers has a threat intelligence program consisting of a Chief Information Security Officer (CISO) and a threat intelligence analyst at a Secretary of State’s office. As part of their duties, the team is responsible for monitoring threats, calls to violence, and mis/disinformation campaigns. As explained by the CISO:

We need to be aware of these conversations and arm our communications team with the information for them to decide what to respond to and what not to respond to. That allows us to give the best service and make sure our voters are not being disenfranchised.

The team originally had to monitor many social media platforms separately during research, performing many searches in separate tabs and storing the results in folders to analyze manually later. This approach had limitations: information loss when posts or media were deleted, bottlenecks from research methods too time-consuming or complex to delegate, and emotional and mental health risks from direct exposure to volumes of extremist content.

The Solution

Spread thin, the team surveyed the market for better platforms to use. Amid legacy intel platforms whose user interfaces left a lot to be desired, Open Measures stood out as a better solution: the team could use the platform’s front end to “view multiple fringe platforms” and “search lots of sources” quickly and efficiently without the added complexity of using an API.

Caption: A screenshot of Open Measures’ Timeline showing the volume of posts per day that matched multiple queries on multiple platforms all in one view, visualized as a stacked bar graph.

The team’s new workflow uncovered content related to specific keywords, surfacing accounts known and unknown to the analyst. To visualize trends, the team used Timeline to identify activity spikes across many platforms at once all in one window, drawing on Open Measures’ wide-ranging datasets.

The Results

With Open Measures, the team was able to detect a developing, time-sensitive attack from a group of known actors that planned to undermine the integrity of an election “immediately before it [would’ve] actually occurred in real life” – and prevented it from happening. Importantly, their success was a result of using Open Measures to extend and amplify their own capabilities and domain expertise, improving their workflow to benefit all team members:

Coverage and Efficiency (Analyst, CISO): With Open Measures, the analyst could pull conversations from multiple platforms into one view, without information loss. The CISO was also grateful that the platform could empower the team’s analyst:

We’re a very small team, and our threat intelligence analyst is responsible for many different things at any given time. The Analyst’s time is incredibly valuable, and by using Open Measures, their time was not wasted on manual searching.

Psychological Wellbeing (Analyst): Rather than looking at violent or harmful content directly, the analyst was “very grateful” for Open Measures’ ability to surface only relevant posts and blur sensitive videos and images to limit their exposure to “vicarious trauma” during research.

Caption: Search results from Open Measures’ Discover tool with “Blur thumbnails” enabled, a feature designed to prevent users from automatically seeing violent or disturbing content.

Reduced Organizational Risk (CISO, Analyst): While prior research processes were too complex to delegate to others, Open Measures was simple enough for the CISO to take on research tasks as needed. The CISO noted the usefulness of AI Search, which made research simple enough for a non-analyst to use: “You can go from just a concept to an optimized search query with no specialized training in minutes.” By consolidating processes, saving time, and reducing personal risk, the analyst and the CISO could collaborate more smoothly, improving threat response time enough to prevent an attack that would’ve undermined the integrity of an election.

Conclusion

Open Measures’ platform can provide both wide-ranging coverage intuitively enough for less-technical team members, streamlining operations and freeing up time. In a threat response context, these improvements can be significant enough to shift teams from detection into prevention. Thoughtful features – such as the ability to blur harmful content – can also boost organizational resilience, protecting analysts’ mental health and preventing burnout or churn.

For more details on how Open Measures can help your team unlock better outcomes that were previously out of reach, reach out or schedule a demo here.

For more details on how this team achieved their results, reach out to us at Open Measures or schedule a demo here.