Congress

Senate Intel offers election security guidelines

people voting (Gino Santa Maria/Shutterstock.com) 

A May 8 report on election security by the Senate Select Committee on Intelligence calls for paper backups for state voter registration databases, risk assessments for voting machine manufacturers and better sensor technology for state and local election systems.

The committee recommended two-factor authentication for state voter registration databases, better sensors around election systems to detect malicious activity, paper backups for state voter registration data and assessments for third-party vendors like voting machine manufacturers to ensure they're meeting baseline security standards.

Cybersecurity experts have long called for states to institute paper records for their voting machines, and the Senate Intel report reiterated that advice, but the recommendation to do the same for state voter registration databases takes on new importance after the committee found activity around as many as six states' election infrastructure that went beyond mere scanning and targeting of public websites.

"In a small number of states, these cyber actors were in a position to, at a minimum, alter or delete voter registration data; however, they did not appear to be in a position to manipulate individual votes or aggregate vote totals," the report stated.

Furthermore, the call to install better sensor technology around state and local election systems comes after a recent Senate hearing where a Department of Homeland Security official acknowledged that the department could not definitively state how many states were targeted by Russian hackers in the lead up to the election because some states lacked the necessary technology to detect malicious or suspicious activity.

"It is possible that more states were attacked, but the activity was not detected," the report stated. "In light of the technical challenges associated with cyber forensic analysis, it is also possible that states may have overlooked some indicators of compromise."

The report also highlighted the critical role that voting machine manufacturers play in election cybersecurity and expressed concern that "federal government authorities have very little insight into the cyber security practices of many of these vendors."

Members of Congress including Sen. Ron Wyden (D-Ore.) have pressed voting machine companies for more insight into their cybersecurity practices over the past year, finding that three of the top five manufacturers do not employ a chief information security officer. Many manufacturers have been reluctant to open their systems up to third-party review by security researchers.

About the Author

Derek B. Johnson is a former senior staff writer at FCW.

Featured

  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/Shutterstock.com)

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected