Cybersecurity

New guidelines for hack-proof elections get a key vote of approval

 

A new set of voluntary guidelines for security and reliability of elections systems was approved on Sept. 12 by a key committee of the Elections Assistance Commission. The vote took place at a meeting of the EAC that was chaired by Kent Rochford, acting director of the National Institute of Standards and Technology.

The new document represents a refresh of voting system guidelines that were developed in 2005 and last updated in 2015. The EAC vote comes as cybersecurity experts warn that election systems are vulnerable to hacking, and almost a year after the Department of Homeland Security added election systems to its list of critical U.S. infrastructure.

The guidelines are a statement of goals, not a set of specifications to secure voting technology. The draft calls for an audit trail for electronic votes, data interoperability among voting systems, logging of user access for election tools and limits on who gets access and under what circumstances. On the hardware side, the guidelines look to tighten up physical security by making sure any attempt to tamper with voting gear leaves physical evidence.

The guidelines also call for data protection. While it doesn't require encryption per se, the guidelines call for all cryptographic algorithms to be, "public, well-vetted, and standardized."

Even if approved, the EAC goal won't bind state and local governments to acquire new systems or make improvements to existing election systems. Election officials from several states have publicly bristled at the possibility that the federal government might assert a more direct role in election security standard.

"Today's vote is a watershed moment in the effort to implement the next generation of standards used to test voting systems," said EAC Chairman Matthew Masterson. "These new guidelines are designed to spur innovations that allow local election officials to give voters the best experience possible. The standards will ensure improved accessibility, security, accuracy and auditability of voting systems."

The guidelines go to the EAC Board of Advisers and Standards for review, followed by a public comment period. The guidelines are slated to be complete by the end of 2017.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


Rising Stars

Meet 21 early-career leaders who are doing great things in federal IT.

Featured

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group