The US Intelligence Community and National Media concluded that “Russian hackers in 2016 worked to compromise state voting systems and the companies that provide voting software and machines to states” (fivethirtyeight). What needs to be done to protect state and county election system infrastructure to ensure a fair election in 2020?
Election Systems Infrastructure is made up of the following components, with each component having a unique set of vulnerabilities, according to the Center for Internet Security and the National Conference of State Legislatures:
- Voter registration systems provide voters with the opportunity to establish their eligibility and right to vote, and for states and local jurisdictions to maintain each voter’s record, often including assigning voters to the correct polling location.
- Pollbooks assist election officials by providing voter registration information to workers at each polling location. Historically, these were binders that contained voter information and could be used to mark off voters when they arrived to vote. While paper pollbooks remain in use today, many pollbooks are electronic and aim to facilitate the check-in and verification process at in-person polling places. The primary cybersecurity-related risks to paper pollbooks come from the transmission of pollbook data to formatting and printing services.
- Vote capture devices are the means by which actual votes are cast and recorded. Approaches vary greatly both across and within jurisdictions. Any given jurisdiction, and even a single polling place, is likely to have multiple methods for vote capture to accommodate both administrative decisions and different needs of voters.
- Vote tabulation is any aggregation or summation of votes (e.g., cast vote records and vote summaries) for the purpose of generating totals and results report files.
- Election results reporting and publishing: After votes are tabulated, results must be communicated both internally and to the public. The systems used for reporting and publishing are likely networked, and, in many cases, have public facing websites.
Transmission between components creates vulnerabilities
While securing elections systems components is important, one of the largest sources of vulnerabilities, and thus most common methods of attack—attack vectors in cybersecurity parlance—lies not in the systems but in the transmission of data between systems. Weaknesses in communications protocols, or in their implementation, risk exposure or corruption of data, even for systems that are otherwise not network connected. For instance, while paper pollbooks wouldn’t typically have cybersecurity risks, if the data for the pollbooks is sent electronically to a printing service, this transmission introduces risks that must be addressed.
https://www.cisecurity.org/wp-content/uploads/2018/02/CIS-Elections-eBook-15-Feb.pdf
National Security Organizations offer guidance on election security:
Organizations like the Center for Internet Security (CISecurity), the National Conference of State Legislatures (NCSL), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the National Institute of Standards and Technology (NIST) are providing election security guidance to states and counties.
The Center for Internet Security (CIS) and its partners published a handbook as part of a comprehensive, nationwide approach to protect the democratic institution of voting. The handbook is about establishing a consistent, widely agreed-upon set of best practices for the security of systems infrastructure that supports elections. Some of those key guidelines include:
- Applicable CIS Controls #5.1: Minimize and Sparingly Use Administrative Privileges and only use administrative accounts when they are required. Implement focused auditing on the use of administrative privileged functions and monitor for anomalous behavior.
- Applicable CIS Controls #6.2: Ensure logging is enabled on the system: Validate audit log settings for each hardware device and the software installed on it, ensuring that logs include a date, timestamp, source addresses, destination addresses, and various other useful elements of each packet and/or transaction. Systems should record logs in a standardized format such as syslog entries or those outlined by the Common Event Expression initiative. If systems cannot generate logs in a standardized format, log normalization tools can be deployed to convert logs into such a format.
- Applicable CIS Controls #6.6: Use automated tools to assist in log management and where possible ensure logs are sent to a remote system: Deploy a SIEM (Security Information and Event Management) or log analytic tools for log aggregation and consolidation from multiple machines and for log correlation and analysis.
- Applicable CIS Controls #9.2: Leverage Host-based Firewalls: Apply host-based firewalls or port filtering tools on end systems, with a default-deny rule that drops all traffic except those services and ports that are explicitly allowed.
- Applicable CIS Controls #12.2: Deploy Network Intrusion Detection System (IDS): On DMZ networks, configure monitoring systems (which may be built in to the IDS sensors or deployed as a separate technology) to record at least packet header information, and preferably full packet header and payloads of the traffic destined for or passing through the network border. This traffic should be sent to a properly configured Security Information and Event Management (SIEM) or log analytics system.
- Applicable CIS Controls #14: Controlled Access Based on the Need to Know: The processes and tools used to track/control/prevent/correct secure access to critical assets (e.g., information, resources, systems) according to the formal determination of which persons, computers, and applications have a need and right to access these critical assets based on an approved classification.
- Applicable CIS Controls #14.1: Implement Network Segmentation Based On Information Class: Segment the network based on the type of information and the sensitivity of the information processed and stored. Use virtual LANs (VLANs) to protect and isolate information and processing with different protection requirements, with firewall filtering to ensure that only authorized individuals are able to communicate with systems necessary to fulfill their specific responsibilities.
- Applicable CIS Controls #16.10: Ensure that user activity is logged and monitored for abnormal activities: Profile each user’s typical account usage by determining normal time-of-day access and access duration. Reports should be generated that indicate users who have logged in during unusual hours or have exceeded their normal login duration. This includes flagging the use of the user’s credentials from a computer other than computers on which the user generally works.
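One way to implement the CIS Control #16.10 check from the list above, as an added example that is not taken from the CIS handbook or from any product named on this page. The record layout, user and host names, and the thresholds (`hour_slack`, `duration_factor`) are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records: (user, ISO timestamp, source host, session minutes).
BASELINE = [
    ("clerk1", "2019-03-04T08:55:00", "REG-WS-01", 480),
    ("clerk1", "2019-03-05T09:05:00", "REG-WS-01", 470),
    ("clerk1", "2019-03-06T08:40:00", "REG-WS-01", 500),
    ("admin1", "2019-03-04T13:10:00", "EMS-ADM-01", 45),
    ("admin1", "2019-03-06T14:20:00", "EMS-ADM-01", 60),
]
NEW = [
    ("clerk1", "2019-03-07T09:10:00", "REG-WS-01", 490),
    ("clerk1", "2019-03-08T02:30:00", "REG-WS-01", 30),
    ("admin1", "2019-03-08T13:45:00", "POLL-KIOSK-07", 200),
    ("temp9", "2019-03-08T10:00:00", "REG-WS-02", 15),
]

def build_profiles(events):
    """Per-user baseline: login hours seen, hosts seen, longest session."""
    profiles = defaultdict(lambda: {"hours": set(), "hosts": set(), "max_minutes": 0})
    for user, ts, host, minutes in events:
        p = profiles[user]
        p["hours"].add(datetime.fromisoformat(ts).hour)
        p["hosts"].add(host)
        p["max_minutes"] = max(p["max_minutes"], minutes)
    return profiles

def flag_anomalies(profiles, events, hour_slack=1, duration_factor=1.5):
    """Return (user, timestamp, reasons) for logins outside the user's profile."""
    findings = []
    for user, ts, host, minutes in events:
        p = profiles.get(user)
        if p is None:  # account never seen during the baseline period
            findings.append((user, ts, ["no-baseline"]))
            continue
        reasons = []
        hour = datetime.fromisoformat(ts).hour
        # Circular distance so that 23:00 and 00:00 count as one hour apart.
        if not any(min(abs(hour - h), 24 - abs(hour - h)) <= hour_slack
                   for h in p["hours"]):
            reasons.append("unusual-hour")
        if host not in p["hosts"]:
            reasons.append("unusual-host")
        if minutes > p["max_minutes"] * duration_factor:
            reasons.append("long-session")
        if reasons:
            findings.append((user, ts, reasons))
    return findings
```

In practice the baseline would be rebuilt on a rolling window from the centralized logs that controls #6.2 and #6.6 call for, and the findings reviewed rather than blocked automatically.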
Election Security Requires Funding and Investment.
On March 23, 2018 the Consolidated Appropriations Act of 2018 was signed into law, which included $380 million in Help America Vote Act (HAVA) grants for states to make election security improvements. In order to receive the grant funds states must provide at least a 5 percent match within two years of receiving the federal funds and submit a state plan detailing how the funds are to be used. Every state received a base of $3 million, with the remaining funds disbursed using the voting age population formula described in Sections 101 and 103 of HAVA. This means that states received anywhere from $3 million to $34 million, depending on the population of the state (see this chart for state by state details). http://www.ncsl.org/research/elections-and-campaigns/election-security-state-policies.aspx
The replacement of election equipment will continue into 2019. Although not a new trend, the requirement of paper ballots or a paper trail may be central in 2019 legislation. Bills in Indiana (HB 1315, SB 570), Missouri (HB 543, SB 113), Mississippi (HB 28), New York (SB 308), South Carolina (HB 3304, HB 3043, HB 3302, SB 182, SB 183, SB 140), Texas (SB 277, HB 22) all deal with phasing out paperless voting machines or requiring a paper trail for new equipment. Some bills include an appropriation. New Hampshire HB 345 would require new ballot-counting equipment to be acquired at regular intervals, and bills in Texas (HB 362) and Wyoming (HB 21) would create grant funds to assist local governments with purchasing new voting equipment. http://www.ncsl.org/research/elections-and-campaigns/the-canvass-january-2019.aspx
Open Source Election System Technology Efforts
Election officials in Los Angeles County gave final approval last Tuesday to a new system for counting ballots, named “Voting Solutions for All People (VSAP) Tally 1.0”. The VSAP Tally 1.0 system was created to make the upcoming elections more secure. It is an open-source platform that runs on technology owned by the county instead of a private vendor. This is the first publicly-owned, open-source election tally system certified under the California voting system standards. The certification process of VSAP Tally 1.0 involved rigorous functional and security testing conducted by the Secretary of State’s staff as well as a certified voting system test lab. The testing ensured that the new system complies with California Voting System Standards (CVSS)… John Sebes, the chief technology officer, Open Source Election Technology Institute, points out that “their intention is to make it freely available to other organizations, which it is not as of now. It’s open source in the sense that it was paid for by public funds and the intent is to share it.” https://hub.packtpub.com/vsap-tally-1-0-a-new-open-source-vote-counting-system-by-la-county-gets-final-state-approval/
The OSET (Open Source Election Technology) Institute is about researching, developing, and making innovative election software public technology (i.e., publicly available open source technology subject to an OSI-accredited license) in order to increase verification, accuracy, security, and transparency (in process), and ensure that ballots are counted as cast. The mission of the OSET Institute, a nonpartisan, nonprofit election technology research, development, and education organization, is to increase confidence in elections and their outcomes in order to preserve the operational continuity of democracy — ultimately worldwide — and because everyone deserves a better voting experience. The Institute’s goal is to help defend democracy worldwide by ensuring the integrity, security, and usability of election administration technology. These principles guide our work. The result, ElectOS, a Framework of public election technology available for any jurisdiction to adopt, adapt, and deploy for elections whether done in-house or by an outside commercial systems integration organization (however, not the OSET Institute).
The Timing for Planning and Implementation of Election Security is Now!
Snare Advanced Threat Intelligence combines syslog data from Snare, including Windows, Linux, Unix, OSX, Routers, Switches and Firewalls, as well as other data sources, including external threat databases like STIX (Structured Threat Information eXpression) – a global database of known cyber threats, directory and authentication data, server patching data, backups. Snare Advanced Threat Intelligence also combines data from cloud-based APIs, including Office 365 and Amazon Web Services. This enables customers to manage the security posture of all their systems regardless of the location or type of data feed. All products are available either on premise or hosted in the cloud and are available as a subscription service.
Center for Internet Security: eBook – A Handbook for Elections Infrastructure Security https://www.cisecurity.org/wp-content/uploads/2018/02/CIS-Elections-eBook-14-Feb.pdf
Electronic Poll Books | e-Poll Books http://www.ncsl.org/research/elections-and-campaigns/electronic-pollbooks.aspx
Electronic Poll Books-California Code of Regulations https://www.sos.ca.gov/administration/regulations/current-regulations/poll-books/