While election interference using the information space continues to demand attention, today’s posting examines questions related to the security of election systems themselves.
New to the Cyber Vault
This report by a Presidential Commission makes recommendations for voter registration, poll access, polling management, and the use of voting technology.
This testimony aims to temper fears related to election system security by highlighting America's decentralized voting system, the security of voting machines, and the presence of a paper record.
This testimony provides an overview of the American Election Administration System, explains breaches of the Arizona and Illinois voter registration databases, and explains how the EAC supports the American Election Administration System.
This letter makes clear to the President of the National Association of State Election Directors that Congressional leadership opposes federalizing state election administration, but that the resources of the DHS should still be called upon by states as needed.
US Election Assistance Commission (link no longer active)
This document reveals an intrusion into an EAC system and emphasizes that the EAC does not administer elections nor collect voter information.
This document provides guidelines for voting systems and processes.
From the Cyber Vault
Pennsylvania State University, University of Pennsylvania, and Web Wise Security, EVEREST: Evaluation and Validation of Election-Related Equipment, Standards and Testing, December 7, 2007. Not classified.
The goal of this review, commissioned by Ohio's Secretary of State, was to assess the security of electronic voting systems used in Ohio, and to identify procedures that might eliminate or mitigate any problems that were discovered. The review discovered that "all of the studied systems possess critical security failures that render their technical controls insufficient to guarantee a trustworthy election."
This document is the Ohio Secretary of State's report which followed the Project EVEREST technical report of December 7 relating to election equipment. It discusses the effort's objectives, Ohio's involvement in the use of electronic voting machines, the structure of the EVEREST study, the security assessment, as well as several other topics - including the Secretary of State's recommendations.
This document provides requirements for voting systems.
This document provides testing guidelines for voting systems.
This FBI alert states that the election boards of two unidentified states (but reported to be Arizona and Illinois) had been subject to cyber intrusions. One compromised a web site while the other compromised a "Board of Election system." The alert specifies IP addresses associated with the intrusions and provides recommended precautions.
This intelligence assessment focuses on cyber threats to computer-enabled US election infrastructure. It notes the absence of indications that there were plans to use cyber operations to change the outcome of the US election but that cyber criminals were likely to continue targeting personally identifiable information.
This joint statement from the DNI and Department of Homeland Security reports that the United States Intelligence Community "is confident that the Russian Government directed the recent compromise e-mails from U.S. persons and institutions, including US political organizations." It goes on to state some of the reasons for that conclusion. In addition, it discusses cyber incidents related to state election computer systems.
This letter poses ten questions to the Secretary of Homeland Security with regard to the Obama administration's designation of election infrastructure as a critical infrastructure subsector within the Government Facilities Sector - including whether the Trump administration would continue the designation and what assistance and tools the Department of Homeland Security could provide to state, local, tribal, and territorial governments.
This two-page briefing on foreign cyber activity and the 2016 U.S. elections makes five points, which concern reports or assertions concerning the "hacking" of the presidential election, Russian intrusions into state and local election boards, attempted intrusions into state and local boards, Department of Homeland Security assistance to the states, and current safeguards and plans to improve those safeguards.
In her testimony before the Senate Select Committee on Intelligence, Indiana's Secretary of State addresses foreign targeting of state and local election systems, protecting state and local elections from cyber threats, the uniqueness of elections as critical infrastructure, and preparations for the 2018 election cycle.
Jeannette Manfra, Acting Deputy Under Secretary for Cybersecurity and Communications, Department of Homeland Security and Samuel Liles, Acting Director, Cyber Division, Department of Homeland Security, Testimony before the Senate Select Committee on Intelligence, "Assessing Threats to Election Infrastructure," June 21, 2017. Unclassified.
In their joint testimony, these two homeland security officials discuss recent assessments of the cyber threat to U.S. political processes, including elections, and enhancing security for future elections.
This document reports findings from the DEFCON Voting Machine Hacking Village in which every piece of equipment was breached by the end of the conference.