Presentation is loading. Please wait.

Presentation is loading. Please wait.

Improving U.S. Voting Systems Security Breakout Session Improving U.S. Voting Systems Andrew Regenscheid National Institute.

Published byGwenda Strickland Modified over 8 years ago

Similar presentations

Presentation on theme: "Improving U.S. Voting Systems Security Breakout Session Improving U.S. Voting Systems Andrew Regenscheid National Institute."— Presentation transcript:

1 Improving U.S. Voting Systems Security Breakout Session Improving U.S. Voting Systems Andrew Regenscheid Andrew.Regenscheid@nist.gov National Institute of Standards and Technology

2 Security Breakout Charge: What should go into the security sections of a next- generation VVSG? What are your priorities? What problem areas or threats concern you most? Session participants discussed questions in 5 subgroups before returning as a group. TGDC Meeting July 20 – 21, 2015 Improving U.S. Voting Systems 2

3 Topic Areas Monitoring/Logging Physical Security Documentation Risk Management TGDC Meeting July 20 – 21, 2015 Improving U.S. Voting Systems 3 Auditability Access Control Software Security Data Security

4 Major Themes Risk Management Auditability Communications TGDC Meeting July 20 – 21, 2015 Improving U.S. Voting Systems 4

5 Risk Management Clear interest in risk assessments in voting systems Participants believed this would: Encourage security from the start Allow for higher-level, more flexible requirements. Have the greatest impact on security Risk assessments could provide election officials with more information for risk decisions But, significant questions remain on implementation TGDC Meeting July 20 – 21, 2015 Improving U.S. Voting Systems 5

6 Potential Issues Implications of high-level requirements Conformance testing vs. security assessment Repeatability of tests Cost of testing Make-up of security testing/evaluation teams? Who defines the acceptable level of risk (and how)? TGDC Meeting July 20 – 21, 2015 Improving U.S. Voting Systems 6

7 Auditability Participants recognized importance of auditability, but desired flexibility to accommodate: Different systems Varying procedures/laws by States Some identified voter verifiability and post- election audits as priority areas Noted tension between security and U&A Future guidelines should align with 2011 TGDC Auditability Working Group report TGDC Meeting July 20 – 21, 2015 Improving U.S. Voting Systems 7

8 Auditability Working Group Auditability Definition: The transparency of a voting system with regards to the ability to verify that it has operated correctly in an election, and to identify the cause if it has not. “The Auditability Working Group found no alternative that does not have as a likely consequence either an effective requirement for paper records or the possibility of undetectable errors in the recording of votes.” -- Executive Summary of the Auditability Working Group Report TGDC Meeting July 20 – 21, 2015 Improving U.S. Voting Systems 8

9 Communications Highly contentious topic Some said to avoid telecommunications at all cost Others noted it was a “fact of life,” particularly for reporting Recommendation to revisit requirements for clarity and look for unintended consequences TGDC Meeting July 20 – 21, 2015 Improving U.S. Voting Systems 9

10 Other Topics (1) Access Control: Important, particularly for tracking access to critical functions/data Software Security: Some desired access to source code Use existing standards for software quality and quality assurance programs How can the program accommodate timely patches for vulnerabilities/bugs? TGDC Meeting July 20 – 21, 2015 Improving U.S. Voting Systems 10

11 Other Topics (2) Data Security: NIST cryptographic standards/guidelines provide building blocks If ePollbooks are used, there are new privacy considerations Monitoring/Logging: Jurisdictions may not know how to use logs effectively A common data format for logs could spur development of tools to parse logs TGDC Meeting July 20 – 21, 2015 Improving U.S. Voting Systems 11

12 Questions TGDC Meeting July 20 – 21, 2015 Improving U.S. Voting Systems 12

Download ppt "Improving U.S. Voting Systems Security Breakout Session Improving U.S. Voting Systems Andrew Regenscheid National Institute."

Similar presentations

Software Quality Assurance Plan

Software Quality Assurance Plan
TGDC Meeting, December 2011 Usability and Accessibility (U&A) Research Update Sharon J. Laskowski, Ph.D.

TGDC Meeting, December 2011 Usability and Accessibility (U&A) Research Update Sharon J. Laskowski, Ph.D.
12/9-10/2009 TGDC Meeting Ballot On Demand David Flater National Institute of Standards and Technology

12/9-10/2009 TGDC Meeting Ballot On Demand David Flater National Institute of Standards and Technology
A technical analysis of the VVSG 2007 Stefan Popoveniuc George Washington University The PunchScan Project.

A technical analysis of the VVSG 2007 Stefan Popoveniuc George Washington University The PunchScan Project.
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
TGDC Meeting, July 2011 Review of VVSG 1.1 Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL

TGDC Meeting, July 2011 Review of VVSG 1.1 Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL
© Copyright 2009 TEM Consulting, LP - All Rights Reserved Presentation To Travis County, TX - May 27, 2009Rev 1 – 05/22/09 - HSB US Voting System Conformity.

© Copyright 2009 TEM Consulting, LP - All Rights Reserved Presentation To Travis County, TX - May 27, 2009Rev 1 – 05/22/09 - HSB US Voting System Conformity.
Business Assurance Service An explanation of risk based auditing and reporting Anthony Garnett, Head of BAS February 2008.

Business Assurance Service An explanation of risk based auditing and reporting Anthony Garnett, Head of BAS February 2008.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Bureau of Workers’ Comp PA Training for Health & Safety (PATHS)

Bureau of Workers’ Comp PA Training for Health & Safety (PATHS)
Purpose of the Standards

Purpose of the Standards
Frequently Asked Questions (FAQ) prepared by some members of the ICH Q9 EWG for example only; not an official policy/guidance July 2006, slide 1 ICH Q9.

Frequently Asked Questions (FAQ) prepared by some members of the ICH Q9 EWG for example only; not an official policy/guidance July 2006, slide 1 ICH Q9.
United States Election Assistance Commission Pilot Program Testing and Certification Manual & UOCAVA Pilot Program Testing and Certification Manual & UOCAVA.

United States Election Assistance Commission Pilot Program Testing and Certification Manual & UOCAVA Pilot Program Testing and Certification Manual & UOCAVA.
Voting System Qualification How it happens and why.

Voting System Qualification How it happens and why.
12/9-10/2009 TGDC Meeting TGDC Recommendations Research as requested by the EAC John P. Wack National Institute of Standards and Technology

12/9-10/2009 TGDC Meeting TGDC Recommendations Research as requested by the EAC John P. Wack National Institute of Standards and Technology
TGDC Meeting, December 2011 Andrew Regenscheid National Institute of Standards and Technology Update on UOCAVA Risk Assessment by.

TGDC Meeting, December 2011 Andrew Regenscheid National Institute of Standards and Technology Update on UOCAVA Risk Assessment by.
TGDC Meeting, Jan 2011 UOCAVA Pilot Projects for the 2012 Federal Election Report from the UOCAVA Working Group Andrew Regenscheid National Institute of.

TGDC Meeting, Jan 2011 UOCAVA Pilot Projects for the 2012 Federal Election Report from the UOCAVA Working Group Andrew Regenscheid National Institute of.
TGDC Meeting, July 2011 Overview of July TGDC Meeting Belinda L. Collins, Ph.D. Senior Advisor, Voting Standards, ITL

TGDC Meeting, July 2011 Overview of July TGDC Meeting Belinda L. Collins, Ph.D. Senior Advisor, Voting Standards, ITL
TGDC Meeting, July 2011 Update on the UOCAVA Working Group Andrew Regenscheid Mathematician, Computer Security Division, ITL

TGDC Meeting, July 2011 Update on the UOCAVA Working Group Andrew Regenscheid Mathematician, Computer Security Division, ITL
Election Assistance Commission United States VVSG 1.1 www.eac.gov 1 Technical Guidelines Development Committee (TGDC) NIST July 20, 2015 Gaithersburg,

Election Assistance Commission United States VVSG Technical Guidelines Development Committee (TGDC) NIST July 20, 2015 Gaithersburg,

Similar presentations

Ads by Google