RABET-V: A New Approach to Testing Election Technology
For most, "election technology" means the equipment you see when you are casting a ballot in a polling place. Along these lines, election security is focused on voting machines and scanners that count ballots. But there's much more we can do to build trust in the cybersecurity of election technology.
Non-voting election technology – ePollbooks, election night reporting systems, voter registration systems, and other software or products that support election administration but are not part of the vote-casting or tabulation processes – have fundamental differences from voting technologies like voting machines and tabulators. They aren't part of the secret balloting process, they are typically internet connected, and they help set up and run the process rather than being part of casting and counting votes directly. Until recently, these systems didn't have a standardized national process for verifying their security, reliability, and usability.
The Center for Internet Security® (CIS®) sought to address this election security issue by developing the Rapid Architecture-Based Election Technology Verification (RABET-V™*) program, a rapid, reliable, and cost-effective approach to verifying non-voting election systems. As the first national program for testing non-voting election technology, RABET-V helps bring consistency to non-voting systems, thus increasing trust in the administration of elections. We'll spend some time exploring how RABET-V overcomes the shortcomings of the traditional testing approach to bring a new, more holistic approach that's aligned with secure software development practices.
RABET-V's Approach to Enhancing Election Security
RABET-V uses a novel approach to testing information technology. Where most approaches use a single assessment type, RABET-V pulls together three industry-leading assessments into a single, comprehensive view of a product and the organization that developed it.
- The Organizational Assessment examines the practices that the technology provider uses to develop a product.
- The Architecture Assessment analyzes components at the system and software levels to visualize the risks surrounding a product.
- The Product Verification tests for someone's ability to misuse the product for the purpose of producing unintended actions or outcomes.
Together, these three assessments yield a far more holistic picture of critical election technology. The RABET-V process creates actionable results through reports that technology providers can use to continually improve their products and that election offices can use to make informed procurement decisions. It also creates time and cost savings by letting technology providers use their results from previous assessments along with information about product changes to adjust the level of testing for future versions.
An overview of the RABET-V process.
How RABET-V Fixes the Limitations of Traditional Testing
The traditional testing approach for information technology takes a product at a specific point in time and tries to make it do the things it claims to do as well as tries to break it. It's usually slow and costly; many similar programs suffer from significant drawbacks. RABET-V's approach supports technology providers and election offices more effectively than traditional testing.
| Traditional Testing | RABET-V's Holistic Approach |
|---|---|
| It doesn't keep pace with technology changes. As such, evaluated products don't remain relevant amid evolving threats and a changing election environment. | Encourages incremental changes with a risk-based approach. RABET-V's risk-based, iterative approach scores technology and technology providers on various aspects of their product and processes, helping providers focus on areas where they can make incremental improvements with the most impact. |
| Each assessment is performed in isolation. Like the above, tests without business or threat context can't attest to how a piece of technology will perform in a production environment. | Reviews the organization and environment in which the product underwent development. Election offices can take these factors into account to make a more informed procurement decision. |
| Full re-testing is prioritized. Traditional testing accepts limited de minimis changes. Because of the time and money required to go through a full test, election officials can't get the updates they want unless they fit in a very narrow range. | Scalability. Technology providers can use RABET-V to evaluate their products for different types of changes, and the level of testing scales to match the risk presented by the change. |
| It requires full testing costs on a regular basis. Every verification attempt costs the same as another, a reality for which technology providers must budget in perpetuity. And in different jurisdictions, this might mean repeating very similar tests over and over again. | The potential to lower costs. Scaling testing can reduce costs for any given test, and by creating a consistent, national approach, RABET-V reduces the cost of having each technology provider go through similar but non-standard testing procedures in each state or locality. |
| Reverification doesn't save time. A reverification attempt generally takes the same amount of time as verification, which costs technology providers time and money. | Reduces the time needed for reverification. Rather than reviewing the entire system with each technological change, re-verification of well-built systems from mature technology providers evaluates only those system aspects affected by the change. |
| Product changes are disincentivized. Traditional testing bogs down technology providers in a lengthy reverification process for even incremental updates. As a result, changes become so infrequent they struggle to keep up with the evolving threat environment. | Incentivizes continual, incremental improvement. The RABET-V process rewards better security and product development practices by taking prior assessment scores into account and scaling testing appropriately. |
| Redundant testing required for tailoring. This means technology providers must spend even more time and money to test against custom requirements. | Doesn't penalize tailoring. RABET-V uses a delta-based approach to help technology providers meet unique requirements for specific jurisdictions, including for homegrown systems. |
Taken as a whole, the RABET-V approach changes the game. Technology providers now have the incentive to continually improve and to test and deploy security updates, bug fixes, and new features more quickly. And election offices have more insight into technology providers' products, instilling more confidence about what they deploy in their environments.
RABET-V Has Been Piloted Rigorously and Is in Operation
RABET-V has undergone several pilot rounds to make sure it can benefit you and your election office. We piloted the RABET-V process with five technology providers and proved that we can consistently apply rigorous assessments of the organization and the product. Because RABET-V requires only testing relevant to the change that's made, testing of an update can come down to days or weeks rather than months – or years!
RABET-V is Now Live!
We're pleased to announce that we've officially launched RABET-V to serve the election community. We expect that we can build on the progress we’ve already made to help better safeguard non-voting technology in years to come.
Want to learn more about and support RABET-V?
Read up on RABET-V

* Patent pending.