The reverberations of the past two elections in the United States have highlighted the pivotal role of election security in preserving the trust and legitimacy of the democratic system. The controversy, fueled by claims of electoral irregularities and foreign interference, has left an indelible mark on the nation's political landscape.
Recognizing this, the Information Technology - Information Sharing Analysis Center (IT-ISAC) recently hosted a groundbreaking event, the Election Security Research Forum, September 18-20, 2023, in Washington, D.C. This first-of-its-kind gathering brought together cybersecurity experts, voting technology providers, and ethical hackers to address the critical issue of election security.
Scott Algeier, Executive Director of IT-ISAC, lauded the event's significance, remarking:
"This forum was a long time in the making, and we are grateful and thrilled that it has come together. We are thankful to each election systems provider, researcher, and advisory board member who has worked tirelessly to make this happen."
The event's mission was clear: bolster the security and resilience of voting technology and enhance overall voter confidence in U.S. elections. The Election Security Research Forum was five years in the making, the result of meticulous planning by IT-ISAC's Elections Industry Special Interest Group (EI-SIG) and an independent advisory board comprising security researchers, security companies, nonprofits, and former state and local election officials.
The heart of the forum lies in its unique approach. Election technology manufacturers generously provided security researchers access to cutting-edge election technology, including digital scanners, ballot marking devices, and electronic poll books. What set this initiative apart was that these technologies featured newly developed configurations of resident software, and they were made available under the principles of coordinated vulnerability disclosure (CVD).
Casey Ellis, Founder and CTO of Bugcrowd, who is also on the advisory board of the Election Security Research Forum, summarized the significance of the event:
"In my opinion, the biggest takeaway from the event was that security researchers and voting service providers can find common ground quickly and collaborate effectively to continuously look for and identify vulnerabilities, and to inform secure design by incorporating breaker-feedback into builder processes. What I enjoyed most was watching the lights come on for both audiences: As hackers in the room understood the complexity and gravity of election systems as a security target, and as the voting service providers got to see and understand the hacker mindset in action.
What I found noteworthy was that the vendors in the room were actively welcoming security research, and working hand-in-hand with hackers to identify new and novel risks. The reality is that security research happens whether the vendors invite it or not, so this shift in relationship and approach takes advantage of the existing dynamics of the Internet in order to make the democratic process more resilient, and more trustworthy. Ultimately, all vendors and every organization associated with the democratic process should be doing this.
What do I hope comes from this program? Personally, it's the normalization of the fact that election systems are no different from any other computer system. The fact that they aren't perfect is a product of the fact that they are built by people. Normalizing the input of those who 'think bad, but do good' in the form of good-faith hackers reinforces this story out to non-technical voters, and at the same time as it finds actual vulnerabilities to fix, it also helps to establish confidence in the overall democratic apparatus."
The three-day event concluded with discussions on various aspects of America's election infrastructure and how to leverage the momentum generated by the forum to enhance election security and resilience.
The Election Security Research Forum represents a pivotal moment in the ongoing efforts to secure the democratic process. By promoting collaboration, transparency, and the acceptance of security research as an integral part of election system development, it strives to ensure that elections remain a bastion of trust and integrity in our increasingly digital world.
Follow SecureWorld News for more stories related to cybersecurity.
