Election commission hires cybersecurity expert to help states with 2020 infrastructure

The federal agency that oversees funding for states to secure their election equipment is hiring a cybersecurity expert versed in voting technology as it prepares for the 2020 election. Joshua Franklin will start in the coming weeks in a top cybersecurity position at the Election Assistance Commission, according to multiple people familiar with the matter. It is an effort by the EAC, a tiny agency with a big responsibility, to bolster the cybersecurity expertise it has on staff. Franklin, who spent six years as an engineer at the National Institute of Standards and Technology, is expected to protect EAC networks from hacking threats and support the commission’s cybersecurity work with state and local election officials. Franklin has been working as an election security advocate for years, drawing attention to the issue at hacking conferences. In 2018, Franklin presented research at DEF CON comparing the vulnerabilities in the websites of House and Senate candidates for the […]

The post Election commission hires cybersecurity expert to help states with 2020 infrastructure appeared first on CyberScoop.

State election officials will get fresh intelligence briefing after Iran tensions

In the wake of the U.S.-Iran standoff and just weeks before the first Democratic primary, the intelligence community’s lead official for election security will brief state officials on the top cyberthreats to the U.S. electoral process. Shelby Pierson, the intelligence community’s election threats executive, said that the briefing this Thursday will cover the full gamut of digital threats to U.S. elections, including those emanating from Iran. Asked if Iran is more likely to interfere in the 2020 election after the U.S. military killed Tehran’s top general earlier this month, Pierson told reporters Tuesday that “it certainly is something that we’re prepared for.” “Our adversaries look to the political climate … it wouldn’t surprise me at all that this is part of the calculus,” she added. Pierson, who assumed her post last July, used a speech at the National Press Club in Washington, D.C., to raise awareness about digital threats facing the […]

What would a vulnerability disclosure program look like for voting equipment? Expect an RFI soon

Voting-equipment vendors are preparing to formally ask security researchers for ideas on building a coordinated vulnerability disclosure (CVD) program, the next step in the industry’s gradual move to work more closely with ethical hackers. The Elections Industry-Special Interest Group, which includes the country’s three largest voting-systems vendors, will this week release the request for information (RFI), Chris Wlaschin, vice president of systems security at one of those vendors, Election Systems & Software, told CyberScoop. “We all feel that sense of urgency to adopt this sooner than later,” Wlaschin said. Since January, the voting vendor group, which is part of the IT-Information Sharing and Analysis Center (IT-ISAC), a broader industry association, has held biweekly meetings to begin hashing out what a CVD program to find and fix software bugs might look like. Other industries have adopted such programs, which can raise the bar for security in an industry and establish trust […]

Election commission says it won’t de-certify voting systems running old versions of Windows

The U.S. Election Assistance Commission has told lawmakers that it will not de-certify certain voting machines using outdated Microsoft Windows systems, a disclosure that highlights the challenge of keeping voting systems secure after a vendor ceases offering support for a product. While a voting machine would fail certification if it were running software that wasn’t supported by a vendor, the act of de-certifying the machine is cumbersome and “has wide-reaching consequences, affecting manufacturers, election administration at the state and local levels, as well as voters,” EAC commissioners wrote in a letter to the Committee on House Administration that CyberScoop obtained. To pass certification, voting vendors must meet a series of specifications outlined in the Voluntary Voting Systems Guidelines (VVSG), a set of standards that the EAC has been slow to update. In response to questions from the committee’s staff, EAC commissioners said the laborious de-certification process can be initiated if there is […]

Voting-machine companies are thinking about vulnerability disclosure, bug bounty programs

Voting-equipment vendors expressed interest Thursday in establishing a program for the coordinated disclosure of hardware and software vulnerabilities in their equipment — a practice common in other industries and long championed by security experts. An industry group offered support for a voluntary coordinated vulnerability disclosure (CVD) process that collaborates with ethical hackers to fix equipment flaws faster. The move comes as some security researchers and policymakers have criticized the industry’s big vendors for being slow to embrace ethical hacking. The commitment to work with “good-faith researchers marks a significant turn in industry-wide thinking,” says a white paper issued by the Elections Industry-Special Interest Group (EI-SIG), part of the IT-Information Sharing and Analysis Center. The group includes the country’s three largest vendors — Dominion Voting Systems, Election Systems & Software (ES&S), and Hart InterCivic. Perhaps the biggest challenge to establishing a CVD program will be aligning it with a federal testing and certification system — […]

Elizabeth Warren wants to overhaul U.S. election security

Sen. Elizabeth Warren, D-Mass., released a plan focused on election security Tuesday that would replace every voting machine in the U.S. with “state-of-the-art” technology and require states to follow federal standards for federal elections. Warren, who is running for president, would replace outdated voting systems with voter-verified paper ballot machines, mandate voting equipment be paid for by the federal government, and require risk-limiting audits before elections take place. The proposal also makes the federal government responsible for election cybersecurity. “Our democracy is too important for it to be under-resourced and insecure,” Warren wrote in a post on Medium. “We have a solemn obligation to secure our elections from those who would try to undermine them.” Beyond requiring risk-limiting audits, Warren’s plan would add a condition for states seeking federal funding for elections administration. Among the conditions would be an examination of how states are making voting more convenient. “The federal […]

Election commission hires 2 tech experts for testing and certification program

The U.S. Election Assistance Commission has added two experienced hands to its voting system certification program amid concerns it had a shortage of technical experts overseeing election infrastructure. The agency is staffing up its crucial certification program by hiring Jessica Bowers, a former executive at Dominion Voting Systems, one of the country’s three largest voting system vendors, and Paul Aumayr, a former Maryland election official. Both new hires will work as senior election technology specialists. In an email announcement to staff obtained by CyberScoop, EAC Executive Director Brian Newby touted Bowers and Aumayr’s technical acumen. Bowers has “over 18 years of software development and product support experience,” while Aumayr is a “Microsoft-certified systems engineer,” Newby wrote. Both will begin work May 28 and report to Jerome Lovato, a former Colorado state election official. Earlier this month, Lovato was tapped to head the EAC’s program for testing and certifying voting systems. He replaced Ryan Macias, whose departure […]

Election Assistance Commission pleads for more money in Senate hearing

The Election Assistance Commission is straining to secure elections in advance of the 2020 cycle with its current level of funding, the organization’s leadership told lawmakers Wednesday during a hearing on Capitol Hill. EAC chairwoman Christy McCormick said during a Senate Rules Committee hearing on election security that the commission has seen its budget halved from where it was in 2010, despite the fact that its responsibilities have greatly increased since the 2016 election. “That’s unbelievable,” Sen. Angus King, I-Maine, said of the cuts. “That’s like cutting the budget of the fire department in the middle of a five alarm fire. We’ve never had such a serious attack on our political systems that we’ve had in the last three years and your budget is 50 percent what it was.” All four EAC commissioners who testified Wednesday agreed that information sharing with local election officials needs to improve in advance of the 2020 elections. Two […]

Election commission names new lead for testing and certifying voting systems

The federal Election Assistance Commission has appointed Jerome Lovato, a former Colorado state election official, as head of the commission’s program for testing and certifying voting systems, according to a commission email obtained by CyberScoop. Lovato replaces Ryan Macias, who was filling the role in an acting capacity and will step down this month. The crucial EAC program works with the country’s top voting equipment vendors to certify and decertify voting system hardware and software. Lovato’s appointment, which was first reported by Politico, comes as the commission prepares to help secure the 2020 election, a vote that U.S. officials have warned will be targeted by foreign adversaries. Senators are expected to raise those issues at an EAC oversight hearing next week. Some lawmakers have pushed for an increase in EAC funding to hire more tech and cybersecurity experts. Whether or not that money comes, the commission intends to hire more technical personnel, […]

Election Assistance Commission loses key tech expert ahead of 2020

The top official responsible for certifying voting systems at the federal Election Assistance Commission is stepping down, multiple sources confirmed to CyberScoop. The departure of Ryan Macias, the EAC’s acting director of testing and certification, comes as the commission prepares for the 2020 election and continues to mull an important update to voting system security guidelines – a process that Macias has overseen. The commission’s Voluntary Voting System Guidelines are a key set of principles that technical experts can use to evaluate the security of their systems. In February, the commission released the proposed new guidelines, known as VVSG 2.0, for public comment. The result could be the most thorough update to the guidelines since 2005. Macias also manages EAC’s program that works with the country’s top voting equipment vendors to certify and decertify voting system hardware and software, and accredits labs for testing equipment. Multiple people familiar with the matter told CyberScoop that Macias […]
