In anticipation of the upcoming 2024 election, major US voting equipment manufacturers have announced an initiative to collaborate with cybersecurity experts to undergo extensive stress testing of their election systems.
The move aims to bolster election security and combat the rampant spread of misinformation among American voters.
Hosted by the Information Technology-Information Sharing Analysis Center (IT-ISAC), the “Election Security Research Forum” marked a significant milestone in efforts to safeguard US elections.
According to a release published last week, the event was the culmination of five years of planning by IT-ISAC’s Elections Industry Special Interest Group (EI-SIG) and support from an independent advisory board comprising security researchers, security companies, nonprofits and former state and local election officials.
While certified election systems are regularly tested, this represents the first time that manufacturers have voluntarily opened their systems to third-party scrutiny as part of a vulnerability disclosure process. The primary goal is twofold: to uncover potential vulnerabilities and to enhance transparency, ultimately instilling greater confidence in the voting process.
The cybersecurity testing program brought together three leading voting equipment vendors: Election Systems & Software, Hart InterCivic and Unisyn. These vendors allowed a group of trusted cybersecurity researchers nearly two days to assess their software and hardware for resilience and security.
During this period, election technology manufacturers provided security researchers access to modern election technology, including newly developed and yet-to-be-deployed software configurations. This encompassed digital scanners, ballot marking devices and electronic poll books – technology voters encounter at polling sites.
“What I found noteworthy was that the vendors in the room were actively welcoming security research and working hand-in-hand with hackers to identify new and novel risks,” commented Casey Ellis, founder and CTO at Bugcrowd.
“The reality is that security research happens whether the vendors invite it or not, so this shift in relationship and approach takes advantage of the existing dynamics of the Internet in order to make the democratic process more resilient and more trustworthy.”
The forum also facilitated direct engagement between researchers and those responsible for these essential systems. Discussions at the three-day event focused on various components of America’s election infrastructure, aiming to improve future election security.
The initiative symbolizes a significant step forward in securing the integrity of the US electoral process as the 2024 election approaches. It is expected to pave the way for more robust cybersecurity measures and further bolster trust among American voters in their democratic system.