Why you can’t trust your vote to the internet

A common adage in information security is that most startups don’t hire their first full-time security engineer until they’ve got around 300 employees. If an app only stores public data and has no need to authenticate users, that might not present much of a problem. But when an app needs to be trusted to protect the confidentiality of a person’s political preference, it’s something else entirely. It’s why Tusk Philanthropies — an organization devoted to bringing mobile voting to the masses — is playing matchmaker between a half-dozen mobile voting startups and the security experts that can help bring them up to snuff. The team at Trail of Bits — a boutique software security firm based in New York — was commissioned by Tusk in late 2019 to conduct a thorough ‘white box’ security test of mobile voting app Voatz, an app used in five states. The testers would have […]

The post Why you can’t trust your vote to the internet appeared first on CyberScoop.

Experts: Internet voting isn’t ready for COVID-19 crisis

Internet technologies are set to play a critical role in the 2020 presidential election, but precisely which voting alternatives will be pursued – and whether they can adequately be secured – is now a $400 million question. COVID-19 doesn’t – at this point – present an excuse to postpone the general election in November. Chris Krebs, Director of the Cybersecurity and Infrastructure Security Agency told a recent Axios forum that 42 U.S. states have mechanisms in place that allow for alternatives to in-person voting, and the other eight have break-glass provisions for doing the same when emergencies require it. A global pandemic would most certainly meet that threshold. The $2.2 trillion coronavirus relief bill (CARES Act) signed into law last week included $400 million of grants the Election Assistance Commission can give to states to help them “prevent, prepare for and respond to Coronavirus.” Earlier versions of the bill stipulated […]

Election commission hires cyber-savvy adviser to support 2020 efforts

The U.S. Election Assistance Commission is hiring a senior policy adviser to bolster its cybersecurity work with election officials and voting equipment vendors ahead of the 2020 presidential vote. Maurice Turner is set to join the federal commission at the end of the month as a senior adviser to the executive director, supporting the EAC’s internal operations and programming. Externally, he says he can help the commission with an update to important guidelines for voting systems security, and in supporting states as they set up programs to find and fix software vulnerabilities. “I want election officials to expect that EAC is a place that they can go for this type of information,” Turner told CyberScoop. “Whether it’s about security standards or new methods for election administration.” Turner has spent the last two years working on election security at the nonprofit Center for Democracy & Technology. He was previously a fellow […]

Election commission hires cybersecurity expert to help states with 2020 infrastructure

The federal agency that oversees funding for states to secure their election equipment is hiring a cybersecurity expert versed in voting technology as it prepares for the 2020 election. Joshua Franklin will start in the coming weeks in a top cybersecurity position at the Election Assistance Commission, according to multiple people familiar with the matter. It is an effort by the EAC, a tiny agency with a big responsibility, to bolster the cybersecurity expertise it has on staff. Franklin, who spent six years as an engineer at the National Institute of Standards and Technology, is expected to protect EAC networks from hacking threats and support the commission’s cybersecurity work with state and local election officials. Franklin has been working as an election security advocate for years, drawing attention to the issue at hacking conferences. In 2018, Franklin presented research at DEF CON comparing the vulnerabilities in the websites of House and Senate candidates for the […]

State election officials will get fresh intelligence briefing after Iran tensions

In the wake of the U.S.-Iran standoff and just weeks before the first Democratic primary, the intelligence community’s lead official for election security will brief state officials on the top cyberthreats to the U.S. electoral process. Shelby Pierson, the intelligence community’s election threats executive, said that the briefing this Thursday will cover the full gamut of digital threats to U.S. elections, including those emanating from Iran. Asked if Iran is more likely to interfere in the 2020 election after the U.S. military killed Tehran’s top general earlier this month, Pierson told reporters Tuesday that “it certainly is something that we’re prepared for.” “Our adversaries look to the political climate … it wouldn’t surprise me at all that this is part of the calculus,” she added. Pierson, who assumed her post last July, used a speech at the National Press Club in Washington, D.C., to raise awareness about digital threats facing the […]

What would a vulnerability disclosure program look like for voting equipment? Expect an RFI soon

Voting-equipment vendors are preparing to formally ask security researchers for ideas on building a coordinated vulnerability disclosure (CVD) program, the next step in the industry’s gradual move to work more closely with ethical hackers. The Elections Industry-Special Interest Group, which includes the country’s three largest voting-systems vendors, will this week release the request for information (RFI), Chris Wlaschin, vice president of systems security at one of those vendors, Election Systems & Software, told CyberScoop. “We all feel that sense of urgency to adopt this sooner than later,” Wlaschin said. Since January, the voting vendor group, which is part of the IT-Information Sharing and Analysis Center (IT-ISAC), a broader industry association, has held biweekly meetings to begin hashing out what a CVD program to find and fix software bugs might look like. Other industries have adopted such programs, which can raise the bar for security in an industry and establish trust […]

Election commission says it won’t de-certify voting systems running old versions of Windows

The U.S. Election Assistance Commission has told lawmakers that it will not de-certify certain voting machines using outdated Microsoft Windows systems, a disclosure that highlights the challenge of keeping voting systems secure after a vendor ceases offering support for a product. While a voting machine would fail certification if it were running software that wasn’t supported by a vendor, the act of de-certifying the machine is cumbersome and “has wide-reaching consequences, affecting manufacturers, election administration at the state and local levels, as well as voters,” EAC commissioners wrote in a letter to the Committee on House Administration that CyberScoop obtained. To pass certification, voting vendors must meet a series of specifications outlined in the Voluntary Voting Systems Guidelines (VVSG), a set of standards that the EAC has been slow to update. In response to questions from the committee’s staff, EAC commissioners said the laborious de-certification process can be initiated if there is […]

Voting-machine companies are thinking about vulnerability disclosure, bug bounty programs

Voting-equipment vendors expressed interest Thursday in establishing a program for the coordinated disclosure of hardware and software vulnerabilities in their equipment — a practice common in other industries and long championed by security experts. An industry group offered support for a voluntary coordinated vulnerability disclosure (CVD) process that collaborates with ethical hackers to fix equipment flaws faster. The move comes as some security researchers and policymakers have criticized the industry’s big vendors for being slow to embrace ethical hacking. The commitment to work with “good-faith researchers marks a significant turn in industry-wide thinking,” says a white paper issued by the Elections Industry-Special Interest Group (EI-SIG), part of the IT-Information Sharing and Analysis Center. The group includes the country’s three largest vendors — Dominion Voting Systems, Election Systems & Software (ES&S), and Hart InterCivic. Perhaps the biggest challenge to establishing a CVD program will be aligning it with a federal testing and certification system — […]

Elizabeth Warren wants to overhaul U.S. election security

Sen. Elizabeth Warren, D-Mass., released a plan focused on election security Tuesday that would replace every voting machine in the U.S. with “state-of-the-art” technology and require states to follow federal standards for federal elections. Warren, who is running for president, would replace outdated voting systems with voter-verified paper ballot machines, mandate voting equipment be paid for by the federal government, and require risk-limiting audits before elections take place. The proposal also makes the federal government responsible for election cybersecurity. “Our democracy is too important for it to be under-resourced and insecure,” Warren wrote in a post on Medium. “We have a solemn obligation to secure our elections from those who would try to undermine them.” Beyond requiring risk-limiting audits, Warren’s plan would add a condition for states seeking federal funding for elections administration. Among the conditions would be an examination of how states are making voting more convenient. “The federal […]

Election commission hires 2 tech experts for testing and certification program

The U.S. Election Assistance Commission has added two experienced hands to its voting system certification program amid concerns it had a shortage of technical experts overseeing election infrastructure. The agency is staffing up its crucial certification program by hiring Jessica Bowers, a former executive at Dominion Voting Systems, one of the country’s three largest voting system vendors, and Paul Aumayr, a former Maryland election official. Both new hires will work as senior election technology specialists. In an email announcement to staff obtained by CyberScoop, EAC Executive Director Brian Newby touted Bowers and Aumayr’s technical acumen. Bowers has “over 18 years of software development and product support experience,” while Aumayr is a “Microsoft-certified systems engineer,” Newby wrote. Both will begin work May 28 and report to Jerome Lovato, a former Colorado state election official. Earlier this month, Lovato was tapped to head the EAC’s program for testing and certifying voting systems. He replaced Ryan Macias, whose departure […]
