Cybersecurity

New guidelines for hack-proof elections get a key vote of approval

 

A new set of voluntary guidelines for security and reliability of elections systems was approved on Sept. 12 by a key committee of the Elections Assistance Commission. The vote took place at a meeting of the EAC that was chaired by Kent Rochford, acting director of the National Institute of Standards and Technology.

The new document represents a refresh of voting system guidelines that were developed in 2005 and last updated in 2015. The EAC vote comes as cybersecurity experts warn that election systems are vulnerable to hacking, and almost a year after the Department of Homeland Security added election systems to its list of critical U.S. infrastructure.

The guidelines are a statement of goals, not a set of specifications to secure voting technology. The draft calls for an audit trail for electronic votes, data interoperability among voting systems, logging of user access for election tools and limits on who gets access and under what circumstances. On the hardware side, the guidelines look to tighten up physical security by making sure any attempt to tamper with voting gear leaves physical evidence.

The guidelines also call for data protection. While it doesn't require encryption per se, the guidelines call for all cryptographic algorithms to be, "public, well-vetted, and standardized."

Even if approved, the EAC goal won't bind state and local governments to acquire new systems or make improvements to existing election systems. Election officials from several states have publicly bristled at the possibility that the federal government might assert a more direct role in election security standard.

"Today's vote is a watershed moment in the effort to implement the next generation of standards used to test voting systems," said EAC Chairman Matthew Masterson. "These new guidelines are designed to spur innovations that allow local election officials to give voters the best experience possible. The standards will ensure improved accessibility, security, accuracy and auditability of voting systems."

The guidelines go to the EAC Board of Advisers and Standards for review, followed by a public comment period. The guidelines are slated to be complete by the end of 2017.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.