One of the Senate’s main cybersecurity proponents wants assurances that voting systems in the U.S. are ready for their next major threat and he’s going straight to the hardware makers to get it. In a letter, Oregon Senator Ron Wyden — an outspoken member of the Senate Intelligence Committee — called on six of the main voting machine manufacturers in the U.S. to provide details about their cybersecurity efforts to date. The request comes on the heels of emerging details around Russia’s successful attempts to hack election systems in many states. Wyden’s line of inquiry is grounded in the pursuit of details, like if a company has been breached previously without reporting the incident and how often it has conducted penetration testing in cooperation with an external security firm. … Wyden’s appeal to voting machine manufacturers is the latest piece in the ongoing conversation around election system and voting machine security following revelations from the 2016 U.S. presidential election. Because states handle elections in a variety of ways, implementing different styles of machine and overseeing their own voter rolls, just how airtight these systems are is difficult to assess.
For example, last month the state of Virginia decertified some of its machines, moving its statewide standard to more secure voting machines that keep a paper tally of votes — a step the state’s board of elections undertook on its own. In January, the Department of Homeland Security added “storage facilities, polling places, and centralized vote tabulations locations” in addition to voter databases and voting machines to a national list of critical infrastructure, making it easier for states to expedite requests for federal cybersecurity aid for their election systems.
Coming at election security from the manufacturer angle offers an examination of one of the most germane pieces of the big picture. In his letter, Wyden demanded answers to the above questions from Dominion Voting, Election Systems & Software, Five Cedars Group, Hart InterCivic, MicroVote and Unisyn Voting Solutions, as well as voting system test labs V&V and SLI Compliance, issuing them an October 31 deadline.