New Guide on Election System Supply Chains Aids Risk Evaluations

February 16, 2021


A new report by the Center for Internet Security aims to simplify the process for election technology vendors securing the supply chains they use in developing the products they sell to state and local officials. Although the guide, published last week, had been in the works for months, its authors said it takes on added relevance in the wake of the so-called SolarWinds hack, a suspected Russian espionage operation that breached the software supply chains of numerous federal agencies, corporations and state governments.

So far, there has been no evidence the SolarWinds hack affected any U.S. election systems, the acting head of the Cybersecurity and Infrastructure Security Agency said Feb. 3, but the sheer amount of hardware and software used in the voting process leaves it vulnerable to similar compromises, said Aaron Wilson, a senior director for election security at CIS and one of the report’s authors.