National: New guide on election system supply chains aids risk evaluations | Benjamin Freed/StateScoop
A new report by the Center for Internet Security aims to simplify the process for election technology vendors securing the supply chains they use in developing the products they sell to state and local officials. Although the guide, published last week, had been in the works for months, its authors said it takes on added relevance in the wake of the so-called SolarWinds hack, a suspected Russian espionage operation that breached the software supply chains of numerous federal agencies, corporations and state governments.

So far, there has been no evidence the SolarWinds hack affected any U.S. election systems, the acting head of the Cybersecurity and Infrastructure Security Agency said Feb. 3, but the sheer amount of hardware and software used in the voting process leaves it vulnerable to similar compromises, said Aaron Wilson, a senior director for election security at CIS and one of the report’s authors. “The election space is a lot like the rest of our technology space where the supply chain has inherent risks,” he told StateScoop.

Modern elections are conducted on an elaborate assembly of technologies, including voter registration systems, electronic pollbooks used when voters check in, ballot-marking devices, optical scanners that collect and tabulate ballots and election night results websites where unofficial counts are posted. And each of those is made up of its own, sometimes complex, chain of components, the CIS report explains. That means election officials need to be confident that their vendors have assessed and mitigated any risks with their third-party suppliers, Wilson said.

While the larger vendors in the election technology market have large and sophisticated technical staffs, he said, there are also smaller companies that may need direction on how to avoid incidents that could undermine public confidence in an election.
Full Article: New guide on election system supply chains aids risk evaluations