Government

Wyden asks election commission to issue fresh cybersecurity guidance

Another day, another letter from Sen. Ron Wyden questioning the federal government's tech priorities.

June 11, 2018

Ron Wyden during a hearing.

Sen. Ron Wyden, D-Ore., has asked the Election Assistance Commission to issue updated cybersecurity guidance to states to protect their voting infrastructure ahead of the 2018 midterm elections.

Congress allotted $380 million to states through a March spending bill to help secure their voting systems, a move that analysts welcomed as necessary, but insufficient to replace paperless voting machines that could fall prey to digital manipulation. “Absent guidance from the EAC, some states may opt to spend these new funds on insecure voting technology,” Wyden wrote in a letter obtained by CyberScoop.

“Election security experts have worked tirelessly to understand and articulate the vulnerabilities certain types of machines can introduce into elections,” Wyden wrote, adding that new EAC guidance must incorporate those findings.

The senator also wants the EAC to answer a series of questions by July 15, including whether the commission has any fulltime cybersecurity experts on staff and if it has ever revoked a voting system’s certification because of cybersecurity concerns.

In addition, Wyden asks what processes the EAC has in place to make sure states’ voting systems adhere to cybersecurity best practices. The senator also wants to know if EAC supports things like penetration testing and red-teaming of systems, and if so, what it has done to spread those practices.

The Department of Homeland Security has been offering states vulnerability assessments and classified briefings to prepare them for the midterm elections. A top DHS official told Wyden in April, however, that the department had not assessed whether individual election-system vendors had followed good cybersecurity practices.

CyberScoop has asked the EAC for comment on the letter from Wyden and will update this story if any is provided. The EAC approved updated voting security guidelines in 2015, and again in April 2018, according to the commission’s website.

Nonetheless, Wyden says, “the guidelines still encourage states to adopt policies – including certifying machines that make auditing difficult and permitting voting systems to be connected to the internet – that are wildly inconsistent with modern cybersecurity best practices.”

You can read the full letter below.

[documentcloud url=”http://www.documentcloud.org/documents/4501634-Wyden-Election-Assistance-Commission-Letter-1.html” responsive=true]

Wyden asks election commission to issue fresh cybersecurity guidance

More Like This

FBI director warns of China’s preparations for disruptive infrastructure attacks

House passes bill to limit personal data purchases by law enforcement, intelligence agencies

With a mysterious surveillance target identified, calls for Congress to change course

Top Stories

Treasury official: Small financial institutions have ‘growth to do’ in using AI against threats

‘Large volume’ of data stolen from UN agency after ransomware attack

More Scoops

Congress sounds alarm on lax dam cybersecurity

Space is essential for infrastructure. Why isn’t it considered critical?

Confronted with Chinese hacking threat, industrial cybersecurity pros ask: What else is new?

Training days: How officials are using AI to prepare election workers for voting chaos

Georgia election officials withheld evidence in voting machine breach, group alleges

New Hampshire authorities trace Biden AI robocall to Texas-based telecom

Deepfakes, dollars and ‘deep state’ fears: Inside the minds of election officials heading into 2024

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics