Beyond the Ballot Box: Securing America’s Supporting Election Technology
There is more to America’s election technology than most people know. Most people are familiar with voting systems and voter registration systems. How many people are familiar with electronic poll books, on-demand ballot printers, election night reporting systems, and electronic ballot delivery solutions? These solutions are internet-connected systems and their compromise would have serious impacts on election operations and public confidence.
To help secure these critical systems, CIS developed a set of best practices for securing non-voting election technology. These best practices are built upon the set of security controls found in the CIS Controls. They combine the CIS Controls and web application security best practices with election-specific concerns and constraints.
We created the guide by working with state and local election technologists, election technology providers, and other community stakeholders. Implementing the recommendations in this guide can significantly reduce the risk of internet-connected election technologies being compromised and adversely impacting Election Day operations.
Defining Non-Voting Election Technology
Non-voting election technology refers to the internet-connected products and services that handle sensitive ballot, voter, and election results data. This includes election night reporting systems, electronic poll books, electronic ballot delivery systems, and voter registration systems. Internet-connected technologies are the most at-risk components of the election infrastructure. They handle sensitive ballot, voter, and election results data.
The CIS Security Best Practices for Non-Voting Election Technology guide covers five areas: Network and Architecture, Servers and Workstations, Software Application, Data, and Administration. The areas were chosen carefully based on similarities in threats, mitigations, and governance.
For each area, we provide an in-depth discussion on the threats to and governance of that area, then describe the mitigations – recommended best practices – in more detail. The mitigations are intended for technical audiences who will be implementing the security best practices. Additional narrative is provided for non-technical management who need to understand the rationale and security context for each best practice.
Security profiles for best practices
To better assist election technology providers and election officials with understanding and utilizing our best practices, we defined and assigned each best practice to one of three profiles: Level 1, Level 2, or Level 3. The profiles build upon themselves. The goal is to have all election technology solutions at a Level 1 or above. If a technology solution achieves Level 2, it implies that best practices in both Level 1 and Level 2 are met.
- Level 1 – Minimum best practices that are most broadly applicable and effective when employed in security applications by organizations.
- Level 2 – Additional controls that form a defense-in-depth strategy for election technology solutions with more invested time and resources.
- Level 3 – Advanced, automated security controls.
Up next? Strengthening verification processes
CIS is also working on how to verify systems against these best practices. Traditional voting systems are verified against large monolithic standards using lengthy and expensive certification campaigns run by independent test laboratories. This approach doesn’t incentivize change or innovation in either the requirements or the systems. This might be okay for voting systems since they are offline installs. It is imperative, however, for internet-connected election technology to be responsive and adapt quickly to changes in the threat landscape. CIS is addressing this with a new verification process model that will provide certain assurances of security, reliability, and functionality in a flexible, change-tolerant manner. We aren’t just developing theoretical ideas; CIS will be piloting this process with actual states, counties, and election vendors working together.
You can take a good first step today by downloading the CIS Security Best Practices for Non-Voting Election Technology and begin implementing the recommendations. Together, we can continue to improve the security of elections.