The mission of the State Election Commission is to ensure every eligible citizen in South Carolina SC has the opportunity to register to vote to participate in fair and impartial elections and have the assurance that their vote will count The greatest challenge for the S C State Election Commission SEC over the past two years has been ensuring we have taken all reasonable measures to better secure the state’s election infrastructure The U S Department of Homeland Security designated election systems as critical infrastructure in January 2017 The SEC has applied considerable resources to hardening both the state’s voting and voter registration systems by applying testing assessments and technological and human resources As a result the state’s election infrastructure is more secure today and the SEC continues to assess its security posture to identify additional security measures in light of emerging threats and new technologies As such we intend to utilize the $6 040 794 in 2018 HAVA Election Security grant funds to harden our security posture thus fundamentally enhancing the resilience of elections in the South Carolina PROJECT SUMMARY Prior to receiving federal funds SC had already began the process of hardening its security posture for the 2018 General Election through the use of State appropriated funds The agency will use its allocation of HAVA grants funds to supplement the cost of replacing the current paperless statewide voting system and to conduct a series of comprehensive security assessments followed by applicable remediation over the grants term PROBLEM STATEMENT The State of South Carolina currently uses a statewide electronic voting system that was implemented in 2004-2005 The system includes more than 12 000 paperless touch screen voting machines optical ballot scanners for absentee by mail ballots and other peripheral equipment that is at end of life Additionally the state faces threats from various actors against its statewide voter registration system and other cyber assets The SEC remains actively engaged in identifying and remediating any and all potential vulnerabilities 1 PROJECT DESCRIPTION 1 Voting Equipment Replacement and Upgrades a Replace the current paperless statewide voting system using the state’s Request for Proposal RFP process with one certified by a testing laboratory accredited by the Federal Election Assistance Commission EAC as required in State law i Timeframe January-December 2019 2 Election Auditing Section Not Applicable 3 Voting Registration Systems and Management Section Not Applicable 4 Cyber Vulnerabilities a Conduct various risk and vulnerability assessments code reviews and penetration tests of the statewide Voter Registration and Elections Management System over the grants term along with other periodic contracted scans of agency networks These scans will be in addition to the DHS Cyber Hygiene Program scans and those conducted by the S C Department of Administration i Timeframe June 2018-December 2022 b Remediate vulnerabilities discovered or address areas of concern discovered during the vulnerability assessment code review and penetration test i Timeframe June 2018-March 2023 c Conduct a risk and vulnerability assessment of the agency’s statewide intranet accessed by election officials Determine the feasibility of reassigning the associated servers to a cloud-based service for enhanced security protections Reassign servers as deemed feasible i Timeframe June 2018-December 2022 d Conduct a risk and vulnerability assessment along with a penetration test of the State’s current e-poll book and remediate any vulnerabilities i Timeframe July 2018-August 2018 e Introduce a supplementary statewide intrusion detection system that enacts network monitoring solutions in each of the forty-six counties with offices that access the statewide voter registration system and the elections management system i Timeframe July 2018-February 2019 2 f Conduct a risk and vulnerability assessment of the election VPN infrastructure and equipment i Timeframe June 2018-September 2018 5 Training a Host a voting and election systems workshop for election officials across the State entitled “2018 Election Security and Technology Workshop” Objectives for this 2-day workshop will be to increase participant’s cyber security awareness and preparedness acquire new voting systems knowledge and to conduct a cyber training exercise to assess participant’s readiness i Day 1 – Participants will view voting systems offered by EAC certified manufactures receive a presentation on ballot auditing methodologies and study various balloting strategies ii Day 2 – County election directors staff and board members will participate in a Cyber Tabletop Exercise facilitated by the U S Department of Homeland Security DHS iii Timeline August 2018 6 Communication Section Not Applicable Strategic Objectives for the 2018 General Election Activity Conduct a secure code review enhanced vulnerability assessments and penetration tests of the statewide voter registration system and agency networks Complete the remediation of vulnerabilities discovered or address areas of concern discovered following various system assessments and tests Purchase and install secure endpoints in each county office Begin the purchase and installation of a supplementary statewide intrusion detection system that will include network monitoring devices in each county to enhance the security posture of the statewide voter registration system Host a 2018 Election Security and Technology Workshop that will include a Table Top Exercise TTX facilitated by the US Department of Homeland Security Key election officials in each county along with their county information technology directors will be invited to participate Total Budget $ 82 000 $ 21 000 $ 32 200 $ 36 000 $ 25 000 $196 200 3 HAVA Grant Project Time Line Activity 2018 Begin the process to replace the current paperless statewide voting system using the state’s Request for Proposal RFP process with one certified by a testing laboratory accredited by the Federal Election Assistance Commission EAC as required in State law 2019 2020 2021 2022 X Conduct various risk and vulnerability assessments code reviews and penetration tests of the statewide Voter Registration and Elections Management System over the grants term along with other periodic contracted scans of agency networks These scans will be in addition to the DHS Cyber Hygiene Program scans and those conducted by the S C Department of Administration X X X X X Remediate vulnerabilities discovered or address areas of concern discovered during the vulnerability assessment code review and penetration test X X X X X Conduct a risk and vulnerability assessment of the agency’s statewide intranet accessed by election officials Determine the feasibility of reassigning the associated servers to a cloud-based service for enhanced security protections Reassign servers as deemed feasible X X X X X Conduct a risk and vulnerability assessment along with a penetration test of the State’s current e-poll book and remediate any vulnerabilities X Introduce a supplementary statewide intrusion detection system that enacts network monitoring solutions in each of the forty-six counties with offices that access the statewide voter registration system and the elections management system X Conduct a risk and vulnerability assessment of the election VPN infrastructure and equipment X Host a voting and election systems workshop for election officials across the State entitled “2018 Election Security and Technology Workshop” Objectives for this 2-day workshop will be to increase participant’s cyber security awareness and preparedness acquire new voting systems knowledge and to conduct a cyber training exercise to assess participant’s readiness X Submit final request to close out grant 2023 X X 2018 HAVA ELECTION SECURITY GRANT Budget Information Name of Organization CFDA # 90 404 Non-Construction Program South Carolina State Election Commission Budget Period Start 3 23 2018 Budget Period End 3 23 2023 SECTION A - BUDGET SUMMARY Consolidated Budget for total project term-up to 5 years as defined by grantee FEDERAL NON-FEDERAL FUNDS Match PROGRAM CATEGORIES a Voting Equipment BUDGET CATEGORIES c Voter Registration Systems b Election Auditing d Cyber Security e Communications f Other ______________ g Other ______________ 1 PERSONNEL including fringe 2 EQUIPMENT TOTALS $ $ 5 515 794 00 $ 3 SUBGRANTS- to local voting jurisdictions $ % Fed Total - 5 515 794 00 - 0% 91% 0% 4 TRAINING $ 25 000 00 $ 25 000 00 0% 5 All OTHER COSTS $ 500 000 00 $ 500 000 00 8% $ 525 000 00 $ 6 040 794 00 6 TOTAL DIRECT COSTS 1-6 $ 5 515 794 00 $ - $ - $ - $ - $ - 7 INDIRECT COSTS if applied $ 8 Total Federal Budget $ 5 515 794 00 11 Non-Federal Match $ 302 040 00 12 Total Program Budget $ 5 817 834 00 13 Percentage By Category 91% Proposed State Match 5 0% $ $ - $ - $ 0% A Do you have an Indirect Cost Rate Agreement approved by the Federal government or some other non-federal entity If yes please provide the following information B Period Covered by the Indirect Cost Rate Agreement mm dd yyyy-mm dd yyy C Approving Federal agency D If other than Federal agency please specify E The Indirect Cost Rate is - $ - $ 0% No 525 000 00 525 000 00 9% $ $ - $ - $ 0% - $ - $ 0% - 0% - $ 6 040 794 00 $ 302 040 00 $ 6 342 834 00 0%