Major vendor of voting systems to boost security following criticism

Major vendor of voting systems to boost security following criticism
© Getty Images

A major election systems vendor on Thursday announced steps to boost the security of its products, just one day after lawmakers raised concerns that the company is not doing enough to safeguard itself from hackers.

Election Systems and Software (ES&S), which is the third largest election system vendor in the U.S., announced it will work more closely with the Department of Homeland Security (DHS) and Information Sharing and Analysis Centers (ISAC) in an effort to increase security of its systems ahead of the 2018 midterm elections.

The company in a press release said it has formed "new partnerships with multiple DHS offices that include its key cyber office known as the National Protection and Programs Directorate (NPPD) as well as the National Cybersecurity Assessment and Technical Services (NCATS). 


These federal partnerships will help "conduct cyber hygiene scans of ES&S public‐facing internet presence, monitor and share cyber threat information, detect and report indicators of compromise, develop and distribute election security best practices, and raise the election security awareness of election officials and the voting public," according to the company's press release.

ES&S also said that it will install advanced threat monitoring sensors known as Albert network security sensors in its voter registration environments in an effort to further secure its voting systems.

The company says the service, which is fully monitored at all times, helps track and then alert election officials when it detects "both traditional and advanced network threats for state and local jurisdictions."

“The latest technology and active partnerships enable ES&S, together with state and local elections officials, to strengthen the democratic process and elevate the protection of the critical elections infrastructure to a new level of security, accountability and reliability,” ES&S President and CEO Tom Burt said in a statement. 

ES&S also became members of two Information Sharing and Analysis Centers (ISAC) including the Elections Infrastructure ISAC (EI‐ISAC) and the Information Technology ISAC (IT‐ISAC), organizations that aim improve cyber threat information sharing between the private and public sector.

"Through membership in the EI‐ISAC, ES&S gains access to election‐specific threat alerts, cybersecurity awareness and training products, and tools for implementing security best practices," the press release reads.

Burt said these steps will help enhance the company's cyber protections to "ensure the integrity of the U.S. vote.

The press release comes just one day after a bipartisan group of lawmakers on the Senate Intelligence Committee raised concerns Wednesday about ES&S election voting systems, questioning whether they are doing enough to secure its systems as well as expressing disappointed that the company has not agreed to undergo independent testing to determine the security level of its systems.

"We are concerned that ES&S and other election system providers may not be prepared for the growing threats to our elections,” Senate Intelligence Committee Vice Chairman Mark Warner (D-Va.) and Sens. Susan Collins (R-Maine), James Lankford (R-Okla.), and Kamala Harris (D-Calif.) wrote in a letter to the company.

The senators had criticized ES&S for its refusal to allow independent testing of its systems at the popular annual DEFCON convention, where hackers attempted to find ways to exploit voting technology.

Warner praised ES&S's efforts, while encouraging election systems vendors in general to proactively seek to boost the security of their systems.

“This is a good start and I hope other vendors will quickly follow suit as we head into the 2018 midterm elections," Warner said in a statement to The Hill.
"More broadly, I encourage ES&S and other election system vendors, to take a proactive approach on security – including by being more receptive to the work of independent security researchers," he continued, noting that some vendors have treated "cybersecurity researchers as a nuisance or a threat.”
- Updated Friday, 9:28 a.m.