Independent Testing Authority

Pennsylvania Department of State Certifies Third New Voting System with Paper Trail and Advanced Security

Retrieved on: 
Wednesday, January 2, 2019

To attain Pennsylvania certification, a system must meet the Department of State's updated security and accessibility standards and also be certified by the federal Election Assistance Commission .

Key Points: 
  • To attain Pennsylvania certification, a system must meet the Department of State's updated security and accessibility standards and also be certified by the federal Election Assistance Commission .
  • There are two additional systems now undergoing certification testing, and one system expected to be submitted for testing in January.
  • In April, the department informed counties they have until the end of 2019 to select new voting systems that provide a paper record.
  • Governor Wolf has committed to seeking state funding for at least half of the counties' cost for new voting systems.

U.S. EAC Voting System Standards Fail to Protect Systems In Penetration Security Tests

Retrieved on: 
Thursday, November 1, 2018

The firm found that its team of penetration testers was able to reverse engineer voting media and replace software in voting systems with a program that emulates it, but recompiled with malicious logic, instructs it to record malicious votesdespite the systems having passed EAC voting system standards.

Key Points: 
  • The firm found that its team of penetration testers was able to reverse engineer voting media and replace software in voting systems with a program that emulates it, but recompiled with malicious logic, instructs it to record malicious votesdespite the systems having passed EAC voting system standards.
  • Coalfire found additional vulnerabilities across end-to-end voting process and infrastructure and a lack of cybersecurity rigor in the Voluntary Voting System Guidelines (VVSG) 1.1 standard issued by the EAC.
  • Coalfire's analysis was derived from expert security assessments and penetration testing against voting networks and systems across 10 states.
  • The report explains specificsecurity vulnerabilities found in voting machines and in the electronic voting infrastructure overall, describing where the VVSG 1.1 framework falls short and where the penetration tests failed in voting systems.