Feds, states unveil pilot program meant to secure voter databases and other election systems

The aim is to close a gap in security testing for the broad set of election infrastructure outside of voting machines.
Election, voting, polling, foreign interference
(KOMUnews / Flickr)

Election officials and nonprofit security advocates on Wednesday announced a pilot program for testing and verifying voter registration databases, election night reporting and other systems meant to support voting.

The pilot program will focus on making the software that’s used in election systems more secure as it is developed, and before it is deployed. The aim is to close a gap in security testing for the broad set of election infrastructure outside of voting machines, which are already the subject of voluntary federal security guidelines.

“There is no standard process for verifying that non-voting election technology is secure, reliable, and usable,” said the nonprofit Center for Internet Security, which is spearheading the pilot program. “Existing election technology verification processes are costly, slow, and disincentivize updating products at the same pace as technology changes and security threats.”

Under the pilot program, election systems vendors will submit their products to CIS for testing. Four vendors have signed up, including VR Systems, which makes voter registration systems and electronic pollbooks. Before the 2016 U.S. election, Russian hackers sent spearphishing emails to VR Systems and some of its election customers, according to a report from former Special Counsel Robert Mueller. The company has said it was not hacked.


“We know that the internet-connected nature of this technology makes it at higher risk for attacks [that] could greatly impact election operations, and we have seen evidence that our adversaries are willing to exploit that,” Aaron Wilson, CIS’s senior director of election security, told CyberScoop.

The pilot program is a long-term project rather than one meant to have a major impact ahead of the November elections. CIS — backed by a steering committing of state and federal officials — plans to produce a report in November advising states on how they can implement the results of such a testing process. Election officials from six states — Maryland, Ohio, Wisconsin, Texas, Pennsylvania and Indiana — have agreed to participate in the pilot, which the federal Election Assistance Commission is supporting.

“Our hope is that this pilot program will identify methods to better reduce vulnerabilities of non-voting technology, and will be a service to state and local election officials as we provide and disclose the results,” EAC Vice Chairman Don Palmer said in a statement.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts