Draft guidelines tackle voting security

Security News ThreatsCybercrime Uncategorized

secure election (WhiteDragon/Shutterstock.com)

Draft guidelines tackle voting security

With voting systems across the country having been targeted, officials are working  protect election integrity despite problems with outdated technology.  The National Institute of Standards and Technology’s draft Voluntary Voting Systems Guidelines 2.0 describes 15 principles officials can follow to ensure high-quality election systems.

Compliance with the VVSG is voluntary, but 47 states are currently following recommendations of the first version in some shape or form.  In this new version, NIST included parts of the voting process that had not previously been addressed.

“Previous versions focused on the casting and counting of ballots but didn’t consider voter registration and other practices that take place before election day,” NIST Voting Program Manager Mary Brady said at a Oct. 25 meeting of the Information Security and Privacy Advisory Board (ISPAB).

With the increased popularity of early voting in several states, polling places must coordinate to make sure no duplicate ballots are cast.  Digital processes also create new security risks for election officials, especially in light of the intrusion of nation state actors into the 2016 elections.  Voting officials must now be aware of new threats, such as phishing attacks that target “personal accounts and supporting election systems,” Brady said.

However, many of the election systems are based on old technology that hasn’t been updated since 2007.  Even if election officials are told that these systems are secure, Brady said, hackers invading these systems “are not necessarily going to play by the rules.”

“In all sectors, there is a need for increased cybersecurity awareness, and elections are no different,” Brady said.  “The Department of Homeland Security is providing election security tools online, but we also need to create guidance on incident response, authentication, physical and operational security.”

DHS’ Laura Delaney, and ISPAB board member, asked what can be done with state elections moving back to less-digital methods of voting.  Brady said the move back to paper doesn’t mean that officials can eliminate all forms of technology.

“States are still needing electronic ballot marking devices in order to tabulate the results,” Brady said.

Additionally, the Elections Government Sector Coordinating Council was formed on Oct. 14 to serve a resource for state and local election officials working with DHS to secure election systems, which are now classified as critical infrastructure. 

The EAC’s Technical Guidelines Development Committee approved a draft version on VVVSG 2.0 in September.  After input from stakeholders, the document is expected be approved by the EAC in the first half of 2018.