Voting machine makers explain what they do (and don't do) to make sure no one hacks the vote

As the House and Senate continue to examine the wave of disinformation around the 2016 general elections, fears around the security of voting systems concern something even more germane to the U.S. democratic system.

In early October, Senate Intel Committee member and Oregon Senator Ron Wyden sent a letter to the nation's six major voting machine manufacturers, asking them for detailed information about their security practices and assurances that they were taking voting security seriously moving forward.

Abiding by the October 31 deadline, voting machine makers Dominion Voting, Election Systems & Software (ES&S), Five Cedars Group, Hart InterCivic and Unisyn Voting Solutions have responded, though some of the details are far from reassuring.

Dominion Voting reports that it “is not aware of any occurrences in which an attacker has gained unauthorized better access to our internal plans, corporate data or patron data” nor has it been informed by the FBI or Homeland Security of any such intrusion.

Unisyn stated that it has undergone penetration testing by a third party four times in the last five years, and is dealing with “a majority of the findings” since, but has not suffered any breaches during that time.

ES&S said that it had “zero knowledge” of any kind of interference pertaining to its voter registration software or tabulation equipment, a view that it corroborated with DHS in a meeting following the critical infrastructure designation for election systems. “Senator, we also understand that your probe seeks to ascertain if our company was the target of known cyber onrushes during the 2016 ballot round. In have responded to that interrogate we have no indication that our internal infrastructure was compromised in any way,” the company added.

Dominion stated that it does not have a Chief Information Security Officer as a designated security point person, noting further that “our Director of IT, EVP of Engineering and others currently precede our cybersecurity and risk mitigation efforts.” The company did not specify how many employees work solely on information security beyond stating that it has “many employees who play a role.” Unisyn went on to state that “the company’s IT Director and System Architect cooperate to fulfill the roles and responsibilities equivalent to that of a [Chief Information Security Officer],” also declining to state how many employees are solely dedicated to information security.

Dominion dismissed a few questions around how the company handles unsolicited vulnerability reports, claiming that because access is strictly limited, any unsolicited access would result in criminal prosecution. Unisyn indicated that it keeps up with security issues affecting external software it uses, as in the case of Heartbleed, but it did not specify any process through which outside security researchers could bring flaws to light.

In its letter, Hart InterCivic clarified that it does not provide voter registration systems as some of the other firms do, blaming the media for “creating confusion among readers” by conflating voter registration systems with voting machines. Hart InterCivic points to reports that only voter registration systems have been compromised, and in the process makes light of potential threats to voting machines themselves. The company ignores most of Sen. Wyden’s questions and goes on to make the questionable claim that because state laws vary, heterogeneity in voting machine systems is a feature, not a defect, and that the lack of uniform federal standards for these systems makes them safer.

In its letter, Oregon-based Five Cedars Group, a smaller business among industry giants, indicated that its technology doesn’t face many of the concerns that the original letter brings up. “Because of the way the Oregon Secretary of State office designed the relevant procedures back in 2007, at no time are votes positioned on a Five Cedars server,” the company writes. “We likewise never receive any voter registration data, marked referendums or any other document that would be of interest to a hacker.”

Oregon is unique in that the state uses a vote-by-mail system, and Five Cedars provides remote accessible vote-by-mail ballots for state residents with disabilities. Senator Wyden has been a vocal proponent of extending an Oregon-style vote-by-mail system nationwide, calling for legislation around vote by mail in 2016 and again with the Vote by Mail Act in 2017. Vote-by-mail systems are understood to both raise voter turnout greatly and to eliminate risks associated with decentralized polling stations, though at this time broad bipartisan support for such a bill looks unlikely due to a partisan divide over issues like voter suppression and largely unsubstantiated claims around voter fraud.

Sen. Wyden’s original questions appear below:

1. Does your fellowship employ a Leader Information Security Officer? If yes, to whom do they instantly report? If not, why not?
2. How many employees act alone on corporate or make intelligence protection?
3. In the last five years, how many times has your fellowship exploited an outside cybersecurity conglomerate to examine the security of your products and manage piercing experiments of your corporate information technology infrastructure?
4. Has your business addressed all of the questions discovered by these cybersecurity experts and implemented all of their recommendations? If not, why not?
5. Do you have a treat in place to receive and respond to unsolicited vulnerability reports from cybersecurity researchers and other third parties? How many times in the past five years has your firm received such reports?
6. Are you aware of any data transgress or other cybersecurity incidents in which an attacker gained illegal better access to your internal plans, corporate data or client data? If your fellowship has suffered one or more data infractions or other cybersecurity incidents, have you reported these incidents to federal, district and local authorities? If not, why not?
7. Has your business enforced best available rehearses described in the National Institute of Standards and Technology (NIST) 2015 Voluntary Voting Systems Guidelines 1.1? If not, why not?
8. Has your house used the best traditions described in the NIST Cybersecurity Framework 1.0? If not, why not?
