
A Senate Bill Would Radically Improve Voting Machine Security


Congress is moving closer to putting US election technology under a stricter cybersecurity microscope.

Embedded within this year’s Intelligence Authorization Act, which funds intelligence agencies like the CIA, is the Strengthening Election Cybersecurity to Uphold Respect for Elections through Independent Testing (SECURE IT) Act, which would require penetration testing of federally certified voting machines and ballot scanners, and create a pilot program exploring the feasibility of letting independent researchers probe all manner of election systems for flaws.

The SECURE IT Act—originally introduced by US senators Mark Warner, a Virginia Democrat, and Susan Collins, a Maine Republican—could significantly improve the security of key election technology in an era when foreign adversaries remain intent on undermining US democracy.

“This legislation will empower our researchers to think the way our adversaries do, and expose hidden vulnerabilities by trying to penetrate our systems with the same tools and methods used by bad actors,” says Warner, who chairs the Senate Intelligence Committee.

The new push for these programs highlights the fact that even as election security concerns have shifted to more visceral dangers such as death threats against county clerks, polling-place violence, and AI-fueled disinformation, lawmakers remain worried about the possibility of hackers infiltrating voting systems, which are considered critical infrastructure but are lightly regulated compared to other vital industries.

Russia’s interference in the 2016 election shined a spotlight on threats to voting machines, and despite major improvements, even modern machines can be flawed. Experts have consistently pushed for tighter federal standards and more independent security audits. The new bill attempts to address those concerns in two ways.

The first provision would codify the US Election Assistance Commission’s recent addition of penetration testing to its certification process. (The EAC recently overhauled its certification standards, which cover voting machines and ballot scanners and which many states require their vendors to meet.)

While previous testing simply verified whether machines contained particular defensive measures—such as antivirus software and data encryption—penetration testing will simulate real-world attacks meant to find and exploit the machines’ weaknesses, potentially yielding new information about serious software flaws.

“People have been calling for mandatory [penetration] testing for years for election equipment,” says Edgardo Cortés, a former Virginia elections commissioner and an adviser to the election security team at New York University’s Brennan Center for Justice.

The bill’s second provision would require the EAC to experiment with a vulnerability disclosure program for election technology—including systems that aren’t subject to federal testing, such as voter registration databases and election results websites.

Vulnerability disclosure programs are essentially treasure hunts for civic-minded cyber experts. Vetted participants, working under clear rules about which of the organizer’s computer systems are fair game, attempt to hack those systems by finding flaws in how they’re designed or configured. They then report any flaws they discover to the organizer, sometimes for a reward.

By allowing a diverse group of experts to hunt for bugs in a wide range of election systems, the Warner–Collins bill could dramatically expand scrutiny of the machinery of US democracy.
