Community Champion

Best practices for securing election systems

The US DHS has released Security Tip (ST19-001), Best practices for securing election systems.

 

This is kind of like providing best practices for playing chicken, or cliff diving into unknown waters at night.  The best practice is

 

DON'T DO IT!

 

OK, the tips listed are reasonable, if fairly banal, suggestions for securing any kind of information system.  Any kind of unimportant information system.

 

Oh, and they missed an important entry in the resources section:

http://catless.ncl.ac.uk/Risks/search?query=voting


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
1 Reply
Advocate II

Re: Best practices for securing election systems


@rslade wrote:

The US DHS has released Security Tip (ST19-001), Best practices for securing election systems.

 

MY GAWD, what a waste of government resources. That Security Tip is nothing more than a generic set of best practices for managing security of any computer network infrastructure.

 

The complete election system has a number of separate subsystems, some of which can be supported with computer and network systems. A true 'election system security guide' would name each of these component process systems and have specific information (not just compete) security advice for each. The basic component processes of any election system are the following:

1. Voter registration process system.

2. Voter registry record set

3. Ballot creation system

4. Ballot distribution system

5. Voter validity check upon distribution of ballots or appearance at polling place

6. Ballot marking process

7. Ballot marking recording process (at local polling place or central location after ballot transportation)

8. Ballot tabulation process

9. Ballot tabulation reporting process

10. Ballot tabulation accumulation.

 

Each of these processes needs a system of action, with security processes embedded, preferably using at least the full Parkerian Hexad as the framework for each set of security guides.

 

Now, anyone want to build out this described 'election system security tip'?

 

I am inferring that @rslade Grandpa Rob's injunction of

 

DON'T DO IT!

 

is specifically referring to the steps of marking and recording the ballot details.

At least some of the above processes can be safely supported by meaningfully architected computer systems.

 

(The above comment is adapted from my blog at https://cragins.blogspot.com/2019/05/dhs-security-tip-19-001-best-practices.html)

 

 

 

 

Dr. D. Cragin Shelton, CISSP
Dr.Cragin@iCloud.com
https://CraginS.blogspot.com/
My Community Profile
My LinkedIn Profile