Cybersecurity

New guidelines for hack-proof elections get a key vote of approval

 

A new set of voluntary guidelines for security and reliability of elections systems was approved on Sept. 12 by a key committee of the Elections Assistance Commission. The vote took place at a meeting of the EAC that was chaired by Kent Rochford, acting director of the National Institute of Standards and Technology.

The new document represents a refresh of voting system guidelines that were developed in 2005 and last updated in 2015. The EAC vote comes as cybersecurity experts warn that election systems are vulnerable to hacking, and almost a year after the Department of Homeland Security added election systems to its list of critical U.S. infrastructure.

The guidelines are a statement of goals, not a set of specifications to secure voting technology. The draft calls for an audit trail for electronic votes, data interoperability among voting systems, logging of user access for election tools and limits on who gets access and under what circumstances. On the hardware side, the guidelines look to tighten up physical security by making sure any attempt to tamper with voting gear leaves physical evidence.

The guidelines also call for data protection. While it doesn't require encryption per se, the guidelines call for all cryptographic algorithms to be, "public, well-vetted, and standardized."

Even if approved, the EAC goal won't bind state and local governments to acquire new systems or make improvements to existing election systems. Election officials from several states have publicly bristled at the possibility that the federal government might assert a more direct role in election security standard.

"Today's vote is a watershed moment in the effort to implement the next generation of standards used to test voting systems," said EAC Chairman Matthew Masterson. "These new guidelines are designed to spur innovations that allow local election officials to give voters the best experience possible. The standards will ensure improved accessibility, security, accuracy and auditability of voting systems."

The guidelines go to the EAC Board of Advisers and Standards for review, followed by a public comment period. The guidelines are slated to be complete by the end of 2017.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy, health IT and the Department of Veterans Affairs. Prior to joining FCW, Mr. Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian started his career as an arts reporter and critic, and has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, Architect magazine, and other publications. He was an editorial assistant and staff writer at the now-defunct New York Press and arts editor at the About.com online network in the 1990s, and was a weekly contributor of music and film reviews to the Washington Times from 2007 to 2014.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.

Featured

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group