Congress

Senate Intel offers election security guidelines

people voting (Gino Santa Maria/Shutterstock.com) 

A May 8 report on election security by the Senate Select Committee on Intelligence calls for paper backups for state voter registration databases, risk assessments for voting machine manufacturers and better sensor technology for state and local election systems.

The committee recommended two-factor authentication for state voter registration databases, better sensors around election systems to detect malicious activity, paper backups for state voter registration data and assessments for third-party vendors like voting machine manufacturers to ensure they're meeting baseline security standards.

Cybersecurity experts have long called for states to institute paper records for their voting machines, and the Senate Intel report reiterated that advice, but the recommendation to do the same for state voter registration databases takes on new importance after the committee found activity around as many as six states' election infrastructure that went beyond mere scanning and targeting of public websites.

"In a small number of states, these cyber actors were in a position to, at a minimum, alter or delete voter registration data; however, they did not appear to be in a position to manipulate individual votes or aggregate vote totals," the report stated.

Furthermore, the call to install better sensor technology around state and local election systems comes after a recent Senate hearing where a Department of Homeland Security official acknowledged that the department could not definitively state how many states were targeted by Russian hackers in the lead up to the election because some states lacked the necessary technology to detect malicious or suspicious activity.

"It is possible that more states were attacked, but the activity was not detected," the report stated. "In light of the technical challenges associated with cyber forensic analysis, it is also possible that states may have overlooked some indicators of compromise."

The report also highlighted the critical role that voting machine manufacturers play in election cybersecurity and expressed concern that "federal government authorities have very little insight into the cyber security practices of many of these vendors."

Members of Congress including Sen. Ron Wyden (D-Ore.) have pressed voting machine companies for more insight into their cybersecurity practices over the past year, finding that three of the top five manufacturers do not employ a chief information security officer. Many manufacturers have been reluctant to open their systems up to third-party review by security researchers.

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.