Feds, states unveil pilot program meant to secure voter databases and other election systems
Election officials and nonprofit security advocates on Wednesday announced a pilot program for testing and verifying voter registration databases, election night reporting and other systems meant to support voting.
The pilot program will focus on making the software that’s used in election systems more secure as it is developed, and before it is deployed. The aim is to close a gap in security testing for the broad set of election infrastructure outside of voting machines, which are already the subject of voluntary federal security guidelines.
“There is no standard process for verifying that non-voting election technology is secure, reliable, and usable,” said the nonprofit Center for Internet Security, which is spearheading the pilot program. “Existing election technology verification processes are costly, slow, and disincentivize updating products at the same pace as technology changes and security threats.”
Under the pilot program, election systems vendors will submit their products to CIS for testing. Four vendors have signed up, including VR Systems, which makes voter registration systems and electronic pollbooks. Before the 2016 U.S. election, Russian hackers sent spearphishing emails to VR Systems and some of its election customers, according to a report from former Special Counsel Robert Mueller. The company has said it was not hacked.
“We know that the internet-connected nature of this technology makes it at higher risk for attacks [that] could greatly impact election operations, and we have seen evidence that our adversaries are willing to exploit that,” Aaron Wilson, CIS’s senior director of election security, told CyberScoop.
The pilot program is a long-term project rather than one meant to have a major impact ahead of the November elections. CIS — backed by a steering committing of state and federal officials — plans to produce a report in November advising states on how they can implement the results of such a testing process. Election officials from six states — Maryland, Ohio, Wisconsin, Texas, Pennsylvania and Indiana — have agreed to participate in the pilot, which the federal Election Assistance Commission is supporting.
“Our hope is that this pilot program will identify methods to better reduce vulnerabilities of non-voting technology, and will be a service to state and local election officials as we provide and disclose the results,” EAC Vice Chairman Don Palmer said in a statement.
