Election machine manufacturers are opening their wares to hackers in an effort to harden voting security ahead of next year’s US Presidential Election.
This week’s first-ever Election Security Research Forum featured organized pen testing and bug research for digital scanners, ballot marking devices, and electronic pollbooks, with a primary focus on the technology that voters may encounter at a polling site. The forum also enabled security researchers to engage with the vendors of the systems.
Notably, this marked the first time such manufacturers voluntarily offered their systems for third-party review as part of a vulnerability disclosure process, according to the Forum.
“The reality is that security research happens whether the vendors invite it or not, so this shift in relationship and approach takes advantage of the existing dynamics of the Internet in order to make the democratic process more resilient, and more trustworthy,” said Casey Ellis, founder and CTO at Bugcrowd, in an emailed statement. “Ultimately, all vendors and every organization associated with the democratic process should be doing this.”
The Forum, which is the culmination of five years of planning by the IT-ISAC’s Elections Industry Special Interest Group (EI-SIG), is just the first fruit of a program built to work on what is arguably one of the most critical cyber threat surfaces in existence.
“What I enjoyed most was watching the lights come on for both audiences: As hackers in the room understood the complexity and gravity of election systems as a security target, and as the voting service providers got to see and understand the hacker mindset in action,” Ellis noted. “This was a pilot event and overall, I feel that it was a ‘successful first blind date.’”