A new bipartisan bill wants to improve cybersecurity of the US voting system

Alfonso Maruccia

Posts: 972   +294
Staff
What just happened? The US voting system has been a target of foreign state-sponsored hackers for years. Now, a bipartisan proposal is trying to introduce more stringent security requirements through certified penetration testing procedures.

A bill introduced by senators Mark R. Warner (D-VA) and Susan Collins (R-ME) wants to strengthen the cyber-security of US election digital infrastructure, providing new testing requirements for voting machines going through the certification process by the Election Assistance Commission (EAC).

The bill, which goes by the SECURE IT moniker or Strengthening Election Cybersecurity to Uphold Respect for Elections through Independent Testing, wants the voting machines to go through a proper, certified penetration testing procedure.

Current regulations under the Help America Vote Act (HAVA) require that EAC provides testing and certification, decertification, and recertification of voting system hardware and software through accredited laboratories, the two senators say. Yet HAVA still doesn't explicitly require pentest procedures for digital voting systems.

A thorough security check-up of hardware and software configurations used in voting procedures is essential for reassuring American citizens and elected officials about the integrity of the election process, Senator Collins said. After all, security experts and "white hat" hackers have been testing voting machines by themselves for years, discovering dangerous vulnerabilities and identifying state-sponsored actors (from Russia, Iran or elsewhere) actively working to undermine US elections.

The proposed bill would amend current HAVA regulations, setting up a voluntary vulnerability disclosure program (Coordinated Vulnerability Disclosure Program) where ethical, "vetted" hackers and researchers would be given access to commercial voting systems provided by manufacturers. Vulnerabilities found in the systems would be disclosed to said manufacturers and EAC, keeping the flaws secret for 180 days to provide developers enough time to fix the issues.

According to Senator Warner, if the US is going to defeat its adversaries, "we have to be able to think like they do." The SECURE IT Act would allow researchers to step into the shoes of cybercriminals by discovering vulnerabilities and flaws that might not be found otherwise. Foreign and domestic threats are continuing to target US democracy, Warner said, and a new, up-to-date legislation designed to harness the "critical cybersecurity practice" of white hat pentesting will help the federal government safeguard the US elections infrastructure.

Permalink to story.

 
Trumps OWN CYBER GUY on RECORD stated the dominion system is secure.. along with the systems used in AZ and TX and GA.. this is juts a money grab for funding based on 30% of our deep right population being to old , stupid and science fearing to understand how basic #$%#% encryption works.
 
Trumps OWN CYBER GUY on RECORD stated the dominion system is secure.. along with the systems used in AZ and TX and GA.. this is juts a money grab for funding based on 30% of our deep right population being to old , stupid and science fearing to understand how basic #$%#% encryption works.

My Tin foil hat makes me think its a ploy to actually get access to the sensitive materials required to ACTUALLY hack these things!
 
They have voting machine hacking booths at DEFCON every year so it's actually shocking to me that people think these are secure. They're often running unpatched Windows lol
Good point, I mean a system is only ever as secure as the administrators who implement it. And if the world has taught us anything is that these people running the polls are often ancient and probably not very computer savy. Not to mention the govt in general is disorganized.
 
The only reason I see going digital is so cheating can occur. Photo ID and paper ballots are too honest and we can't have that can we? The digital age in some ways has made us...s_ _pid.
 
Last edited:
LOL. There is NO computer voting system that is safe and secure. You wanna some kind of security, use paper, and only on voting places which are supervised by people from different parties, and where anonymity is guaranteed. So, no postal mail voting. And especially no computers.

As the old Chinese proverb says:
"Use computers only when you wanna rig elections".
 
Last edited:
Back