Securing the Vote

white paper

Research on Voting Vulnerabilities and Recommendations

Securing the Vote

Download the report

The Securealities “Securing the Vote” report delves into the important issue of voting security: where the vulnerabilities lie in our voting machines, infrastructure, process, standards, and governance. The conclusions in this report were drawn from our real-world experiences testing voting systems and network infrastructure under the National Cybersecurity Assessments and Technical Services (NCATS) program under the Department of Homeland Security, as well as on voting machines on behalf of state government (totaling assessments for systems and networks across 10 U.S. states).

Our conclusions? The U.S. voting system is broken; it is peppered with vulnerabilities, which is affecting voter confidence. While manufacturers and states assure voters systems are secure, our analysis demonstrates otherwise; systems require significant improvement from the hardware and software that run voting machines, the networks that connect the votes and databases, and the policies and standards that oversee their operations.

Additional Key Insights from the Report:

  • The current standard issued by the Election Assistance Commission (EAC), VVSG 1.1, sets a solid overall foundation for security, but lacks the specific controls recommendations and end-to-end testing requirements needed to ensure the security controls deployed are effective.
  • Machines that have passed VVSG 1.1 could still fall victim to a number of hacks.
  • The end-to-end process of voting presents even more risks, from voter registration systems to networks, additional compute, storage, and network components, physical storage concerns, and staff risks (who could fall prey to social engineering attacks). This infrastructure and holistic process needs to undergo security evaluation.
  • Ultimately, we believe that what is needed is a model that can be drawn from other examples in cybersecurity, such as federal cloud deployment as safeguarded by FedRAMP.

Download the report to read more insights and review our analysis from our engagements.

 

Download the report to read more insights and review our analysis from our engagements.