Senate Intelligence Committee members raise concerns about voting system vulnerabilities

Senate Intelligence Committee members raise concerns about voting system vulnerabilities
© Getty Images

A bipartisan group of lawmakers on the Senate Intelligence Committee raised concerns Wednesday about the election voting systems provided by one of the largest vendors in the United States, questioning whether the company is doing enough to safeguard itself from hackers. 

Four committee members wrote in a letter they were disappointed that Election Systems & Software (ES&S) has not agreed to undergo independent testing to determine the security level of its systems.

The letter comes after an annual hacking conference earlier this month appeared to reveal security vulnerabilities in ES&S voting systems.


"We are concerned that ES&S and other election system providers may not be prepared for the growing threats to our elections,” Senate Intelligence Committee Vice Chairman Mark WarnerMark Robert WarnerRussia docs order sets Trump on collision with intel community Hillicon Valley: North Korean IT firm hit with sanctions | Zuckerberg says Facebook better prepared for midterms | Big win for privacy advocates in Europe | Bezos launches B fund to help children, homeless Bipartisan trio asks US intelligence to investigate ‘deepfakes’ MORE (D-Va.) and Sens. Susan CollinsSusan Margaret CollinsCollins: My office has gotten 'pretty ugly voicemails, threats' over Kavanaugh The Memo: Tide turns on Kavanaugh Budowsky: Kavanaugh and the rights of women MORE (R-Maine), James LankfordJames Paul LankfordConservatives left frustrated as Congress passes big spending bills Outdated global postal system hurts US manufacturers Tech mobilizes to boost election security MORE (R-Okla.), and Kamala HarrisKamala Devi HarrisTrump, GOP regain edge in Kavanaugh battle Booker: It would be ‘irresponsible’ not to consider running for president Senate Democrats: Kavanaugh’s classmate must testify MORE (D-Calif.) wrote in a letter to the company.

The senators criticized ES&S for its refusal to allow independent testing of its systems at the popular DEFCON convention, where hackers attempted to find ways to exploit voting technology.

"We are disheartened that ES&S chose to dismiss these demonstrations as unrealistic and that your company is not supportive of independent testing," the lawmakers wrote in their letter to CEO Tom Burt. "We believe that independent testing is one of the most effective ways to understand and address potential cybersecurity risks.”

Sen. Ron WydenRonald (Ron) Lee WydenWyden says foreign hackers targeted personal accounts of senators, staffers Some employees' personal data revealed in State Department email breach: report Hillicon Valley: North Korean IT firm hit with sanctions | Zuckerberg says Facebook better prepared for midterms | Big win for privacy advocates in Europe | Bezos launches B fund to help children, homeless MORE (D-Ore.), a member of the Intelligence panel, separately slammed ES&S on Wednesday for failing to provide answers to basic questions about its cybersecurity practices.

“It is inexcusable that American democracy depends on hackable voting technology made by a handful of companies that have evaded oversight and stonewalled Congress. That must end,” Wyden said during a Senate Rules Committee hearing, according to a transcript of his remarks.

Wyden and other lawmakers became alarmed by some of the company's practices after The New York Times reported in February that ES&S had installed remote access software onto the voting technology it sold. The company later admitted to installing such software on a "small number" of election management systems between 2000 and 2006.

ES&S quickly pushed back on the lawmakers' claims that they do not independently test their products. 

"Any assertion that our products are not thoroughly and independently tested is erroneous," the company said in a statement. "In fact, ES&S products are certified by the U.S. government, which conducts testing independent of our own testing. In addition, our products are tested by a number of third-party experts."

The election systems company offered to meet with each senator to discuss how they could take further measures to ensure U.S. elections are secure.

"We look forward to fully addressing each question expressed in their letter, and extend an invitation to each Senator to meet with us to discuss all of the protective steps we have taken and continue to take to ensure the integrity of America’s democracy," the statement continues.

The criticism from the senators comes amid heightened fear that foreign adversaries may seek to interfere in the 2018 midterm elections and other subsequent U.S. elections.

“As members of the United States Senate Select Committee on Intelligence, we agree with the conclusion of the Intelligence Community: America’s elections are the target of unprecedented attacks by foreign adversaries,” the four senators wrote in their letter to Burt. “Free, fair, and trusted elections are the bedrock of our democracy, and safeguarding our elections is an urgent national security priority."

Microsoft announced earlier this week that it had shut down six websites created by a hacking group known as "Fancy Bear," which has been linked to Russia's intelligence agency. The hackers targeted two conservative think tanks that have been critical of the Kremlin, in addition to targeting the U.S. Senate, though Microsoft said the attacks were not specific to a "particular" office or senator.

Fancy Bear is an active, powerful hacking group whose attacks have included the successful hack of the Democratic National Committee (DNC) in 2016.

Special counsel Robert MuellerRobert Swan MuellerSasse: US should applaud choice of Mueller to lead Russia probe MORE, who is investigating Russian interference in the 2016 election, indicted a dozen Russian intelligence officials for their involvement in the DNC hack.

-- Updated 5:35 p.m.