Senate Intelligence Committee members raise concerns about voting system vulnerabilities

Senate Intelligence Committee members raise concerns about voting system vulnerabilities
© Getty Images

A bipartisan group of lawmakers on the Senate Intelligence Committee raised concerns Wednesday about the election voting systems provided by one of the largest vendors in the United States, questioning whether the company is doing enough to safeguard itself from hackers. 

Four committee members wrote in a letter they were disappointed that Election Systems & Software (ES&S) has not agreed to undergo independent testing to determine the security level of its systems.

The letter comes after an annual hacking conference earlier this month appeared to reveal security vulnerabilities in ES&S voting systems.


"We are concerned that ES&S and other election system providers may not be prepared for the growing threats to our elections,” Senate Intelligence Committee Vice Chairman Mark WarnerMark Robert WarnerAdvocates call on top Democrats for 0B in housing investments Democrats draw red lines in spending fight Manchin puts foot down on key climate provision in spending bill MORE (D-Va.) and Sens. Susan CollinsSusan Margaret CollinsWelcome to ground zero of climate chaos A tale of two chambers: Trump's power holds in House, wanes in Senate Bipartisan blip: Infrastructure deal is last of its kind without systemic change MORE (R-Maine), James LankfordJames Paul LankfordGOP senator: Buying Treasury bonds 'foolish' amid standoff over debt ceiling, taxes Florida senator seeks probe of Ben & Jerry's halting sales in Israeli settlements Senate Democrats try to defuse GOP budget drama MORE (R-Okla.), and Kamala HarrisKamala HarrisRepublicans caught in California's recall trap Harris facilitates coin toss at Howard University football game Far-right rally draws small crowd, large police presence at Capitol MORE (D-Calif.) wrote in a letter to the company.

The senators criticized ES&S for its refusal to allow independent testing of its systems at the popular DEFCON convention, where hackers attempted to find ways to exploit voting technology.

"We are disheartened that ES&S chose to dismiss these demonstrations as unrealistic and that your company is not supportive of independent testing," the lawmakers wrote in their letter to CEO Tom Burt. "We believe that independent testing is one of the most effective ways to understand and address potential cybersecurity risks.”

Sen. Ron WydenRonald (Ron) Lee WydenWant a clean energy future? Look to the tax code Democrats brace for toughest stretch yet with Biden agenda Lawmakers lay out arguments for boosting clean energy through infrastructure MORE (D-Ore.), a member of the Intelligence panel, separately slammed ES&S on Wednesday for failing to provide answers to basic questions about its cybersecurity practices.

“It is inexcusable that American democracy depends on hackable voting technology made by a handful of companies that have evaded oversight and stonewalled Congress. That must end,” Wyden said during a Senate Rules Committee hearing, according to a transcript of his remarks.

Wyden and other lawmakers became alarmed by some of the company's practices after The New York Times reported in February that ES&S had installed remote access software onto the voting technology it sold. The company later admitted to installing such software on a "small number" of election management systems between 2000 and 2006.

ES&S quickly pushed back on the lawmakers' claims that they do not independently test their products. 

"Any assertion that our products are not thoroughly and independently tested is erroneous," the company said in a statement. "In fact, ES&S products are certified by the U.S. government, which conducts testing independent of our own testing. In addition, our products are tested by a number of third-party experts."

The election systems company offered to meet with each senator to discuss how they could take further measures to ensure U.S. elections are secure.

"We look forward to fully addressing each question expressed in their letter, and extend an invitation to each Senator to meet with us to discuss all of the protective steps we have taken and continue to take to ensure the integrity of America’s democracy," the statement continues.

The criticism from the senators comes amid heightened fear that foreign adversaries may seek to interfere in the 2018 midterm elections and other subsequent U.S. elections.

“As members of the United States Senate Select Committee on Intelligence, we agree with the conclusion of the Intelligence Community: America’s elections are the target of unprecedented attacks by foreign adversaries,” the four senators wrote in their letter to Burt. “Free, fair, and trusted elections are the bedrock of our democracy, and safeguarding our elections is an urgent national security priority."

Microsoft announced earlier this week that it had shut down six websites created by a hacking group known as "Fancy Bear," which has been linked to Russia's intelligence agency. The hackers targeted two conservative think tanks that have been critical of the Kremlin, in addition to targeting the U.S. Senate, though Microsoft said the attacks were not specific to a "particular" office or senator.

Fancy Bear is an active, powerful hacking group whose attacks have included the successful hack of the Democratic National Committee (DNC) in 2016.

Special counsel Robert MuellerRobert (Bob) MuellerSenate Democrats urge Garland not to fight court order to release Trump obstruction memo Why a special counsel is guaranteed if Biden chooses Yates, Cuomo or Jones as AG Barr taps attorney investigating Russia probe origins as special counsel MORE, who is investigating Russian interference in the 2016 election, indicted a dozen Russian intelligence officials for their involvement in the DNC hack.

-- Updated 5:35 p.m.