Sen. Ron Wyden (D-Oregon) wants to ensure that secure voting systems are in place both for upcoming state elections and the 2020 U.S. Presidential Election and he is trying to do so by ensuring that the voting machines used for elections follow cybersecurity protocols.
Sen. Wyden, who is also a member of the Senate Intelligence Committee, has asked six of the main voting machine manufacturers to detail their cybersecurity efforts to prevent hacking. The request comes after the Department of Homeland Security notified many U.S. states that their elections had been targeted by hackers affiliated with Russia.
“As our election systems have come under unprecedented scrutiny, public faith in the security of our electoral process at every level is more important than ever before. Ensuring that Americans can trust that election systems and infrastructure are secure is necessary to protecting confidence in our electoral process and democratic government,” Wyden said.
Wyden has sent a list of questions that need to be answered by these companies in order to ensure future cybersecurity protocols. These Include:
1. Does your company employ a Chief Information Security Officer? If yes, to whom do they directly report? If not, why not?
2. How many employees work solely on corporate or product information security?
3. In the last five years, how many times has your company utilized an outside cybersecurity firm to audit the security of your products and conduct penetration tests of your corporate information technology infrastructure?
4. Has your company addressed all of the issues discovered by these cybersecurity experts and implemented all of their recommendations? If not, why not?
5. Do you have a process in place to receive and respond to unsolicited vulnerability reports from cybersecurity researchers and other third parties? How many times in the past five years has your company received such reports?
6. Are you aware of any data breaches or other cybersecurity incidents in which an attacker gained unauthorized access to your internal systems, corporate data or customer data? If your company has suffered one or more data breaches or other cybersecurity incidents, have you reported these incidents to federal, state and local authorities? If not, why not?
7. Has your company implemented the best practices described in the National Institute of Standards and Technology (NIST) 2015 Voluntary Voting Systems Guidelines 1.1? If not, why not?
8. Has your firm implemented the best practices described in the NIST Cybersecurity Framework 1.0? If not, why not?
Wyden’s appeal to manufacturers is an addition to the continuing efforts to ensure election security post President Donald Trump’s election last year. Since the election large-scale efforts have been undertaken to ensure fair elections in the future — Facebook and Google have been ordered to comb the spread of fake news on their platforms, while more and more states are trying out different voting mechanisms.
The State of Virginia has already decertified some machines and has reverted to paper ballots, while Georgia is also considering doing the same.
While this will not mean going back to hand counting votes, since even paper ballots would be machine counted, it is technologically backward to solutions adopted elsewhere. India, which has a much larger electorate than the U.S., still uses electric voting machines (EVMs) and held hackathons aimed at improving their security.