Improving U.S. Voting Systems Security Breakout Session Improving U.S. Voting Systems Andrew Regenscheid National Institute.

Slides:



Advertisements
Similar presentations
Software Quality Assurance Plan
Advertisements

TGDC Meeting, December 2011 Usability and Accessibility (U&A) Research Update Sharon J. Laskowski, Ph.D.
12/9-10/2009 TGDC Meeting Ballot On Demand David Flater National Institute of Standards and Technology
A technical analysis of the VVSG 2007 Stefan Popoveniuc George Washington University The PunchScan Project.
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
TGDC Meeting, July 2011 Review of VVSG 1.1 Nelson Hastings, Ph.D. Technical Project Leader for Voting Standards, ITL
© Copyright 2009 TEM Consulting, LP - All Rights Reserved Presentation To Travis County, TX - May 27, 2009Rev 1 – 05/22/09 - HSB US Voting System Conformity.
Business Assurance Service An explanation of risk based auditing and reporting Anthony Garnett, Head of BAS February 2008.
Computer Security: Principles and Practice
Bureau of Workers’ Comp PA Training for Health & Safety (PATHS)
Purpose of the Standards
Frequently Asked Questions (FAQ) prepared by some members of the ICH Q9 EWG for example only; not an official policy/guidance July 2006, slide 1 ICH Q9.
United States Election Assistance Commission Pilot Program Testing and Certification Manual & UOCAVA Pilot Program Testing and Certification Manual & UOCAVA.
Voting System Qualification How it happens and why.
12/9-10/2009 TGDC Meeting TGDC Recommendations Research as requested by the EAC John P. Wack National Institute of Standards and Technology
TGDC Meeting, December 2011 Andrew Regenscheid National Institute of Standards and Technology Update on UOCAVA Risk Assessment by.
TGDC Meeting, Jan 2011 UOCAVA Pilot Projects for the 2012 Federal Election Report from the UOCAVA Working Group Andrew Regenscheid National Institute of.
TGDC Meeting, July 2011 Overview of July TGDC Meeting Belinda L. Collins, Ph.D. Senior Advisor, Voting Standards, ITL
TGDC Meeting, July 2011 Update on the UOCAVA Working Group Andrew Regenscheid Mathematician, Computer Security Division, ITL
Election Assistance Commission United States VVSG Technical Guidelines Development Committee (TGDC) NIST July 20, 2015 Gaithersburg,
TGDC Meeting, July 2011 Usability and Accessibility Test Methods: Preliminary Findings on Validation Sharon Laskowski, Ph.D. Manager, NIST Visualization.
TGDC Meeting, Jan 2011 VVSG 2.0 and Beyond: Usability and Accessibility Issues, Gaps, and Performance Tests Sharon Laskowski, PhD National Institute of.
Evolving IT Framework Standards (Compliance and IT)
INFORMATION ASSURANCE USING C OBI T MEYCOR C OBI T CSA & MEYCOR C OBI T AG TOOLS.
NIST HAVA-Related Work: Status and Plans June 16, 2005 National Institute of Standards and Technology
Sysoft eRFP Group Decision Support System. eRFP is flexible and productive Every RFP is different Agencies have somewhat different processes Procurement.
12/9-10/2009 TGDC Meeting NIST Research on UOCAVA Voting Andrew Regenscheid National Institute of Standards and Technology
IEEE P1622 Meeting, Feb 2011 Common Data Format (CDF) Update John P. Wack National Institute of Standards and Technology
Usability and Accessibility Working Group Report Sharon Laskowski, PhD National Institute of Standards and Technology TGDC Meeting,
Briefing for NIST Acting Director James Turner regarding visit from EAC Commissioners March 26, 2008 For internal use only 1.
NIST Voting Program Activities Update February 21, 2007 Mark Skall Chief, Software Diagnostics and Conformance Testing Division.
Integrated Risk Management Charles Yoe, PhD Institute for Water Resources 2009.
TGDC Meeting, Jan 2011 Accessibility and Usability Considerations for UOCAVA Remote Electronic Voting Systems Sharon Laskowski, PhD National Institute.
12/9-10/2009 TGDC Meeting Auditing concepts David Flater National Institute of Standards and Technology
TGDC Meeting, Jan 2011 Auditability Working Group David Flater National Institute of Standards and Technology r4.
Professional Certificate in Electoral Processes Understanding and Demonstrating Assessment Criteria Facilitator: Tony Cash.
How and what to observe in e-enabled elections Presentation by Mats Lindberg, Election Adviser, Organisation for Security and Co-operation in Europe (OSCE)
SOFTWARE PROJECT MANAGEMENT
Oct 15-17, : Integratability and Data Export Page 1Next VVSG Training Voting devices must speak (produce records) using a commonly understood language,
TGDC Meeting, July 2010 Report of the UOCAVA Working Group John Wack National Institute of Standards and Technology DRAFT.
NIST Voting Program Page 1 NIST Voting Program Lynne Rosenthal National Institute of Standards and Technology
TGDC Meeting, December 2011 Overview of December TGDC Meeting Belinda L. Collins, Ph.D. Senior Advisor, Voting Standards
Business Analysis. Business Analysis Concepts Enterprise Analysis ► Identify business opportunities ► Understand the business strategy ► Identify Business.
NIST Voting Program Barbara Guttman 12/6/07
Project management Topic 1 Project management principles.
TGDC Meeting, Jan 2011 Help America Vote Act (HAVA) Roadmap Nelson Hastings National Institute of Standards and Technology
TGDC Meeting, July 2010 Report on Other Resolutions from Dec 2009 TGDC Meeting John Wack National Institute of Standards and Technology
© Copyright 2005 TEM Consulting, LP - All Rights Reserved Presentation To EAC Aug. 23, 2005 Hearing, Denver, CORev 1 – 08/16/05 - HSB Considerations In.
TGDC Meeting, July 2010 Report on Logging Requirements in VVSG 2.0 Nelson Hastings National Institute of Standards and Technology
TGDC Meeting, Jan 2011 Common Data Format (CDF) Update John P. Wack National Institute of Standards and Technology
NIST Voting Program Activities Update January 4, 2007 Mark Skall Chief, Software Diagnostics and Conformance Testing Division.
Next VVSG Training Standards 101 October 15-17, 2007 Mark Skall National Institute of Standards and Technology
1 DECEMBER 9-10, 2009 Gaithersburg, Maryland TECHNICAL GUIDELINES DEVELOPMENT COMMITTEE Commissioner Donetta Davidson.
Project Management Strategies Hidden in the CMMI Rick Hefner, Northrop Grumman CMMI Technology Conference & User Group November.
TGDC Meeting, July 2010 Overview of NIST Activities and TGDC Meeting Agenda Martin Herman, PhD National Institute of Standards and Technology
Creating Accessibility, Usability and Privacy Requirements for the Voluntary Voting System Guidelines (VVSG) Whitney Quesenbery TGDC Member Chair, Subcommittee.
TGDC Meeting, Jan 2011 Development of High Level Guidelines for UOCAVA voting systems Andrew Regenscheid National Institute of Standards and Technology.
TGDC Meeting, Jan 2011 Path Forward for FY11 UOCAVA Activities Nelson Hastings National Institute of Standards and Technology
Election Assistance Commission 1 Technical Guidelines Development Committee Meeting Post-HAVA Voting System Requirements – Federal Perspective February.
Briefing for the EAC Public Meeting Boston, Massachusetts April 26, 2005 Dr. Hratch Semerjian, Acting Director National Institute of Standards and Technology.
Next VVSG Training Security: Testing Requirements October 15-17, 2007 Nelson Hastings Alicia Clay Jones National Institute of Standards and Technology.
TGDC Pre-Meeting July , 2015 NIST Facility - Gaithersburg, Maryland Members : Designated Federal Official Matthew V. Masterson, EAC Commissioner,
Technology Services – National Institute of Standards and Technology Conformity Assessment ANSI-HSSP Workshop Emergency Communications December 2, 2004.
TGDC Meeting, Jan 2011 Report from Workshop on UOCAVA Remote Voting Systems Nelson Hastings National Institute of Standards and Technology
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.
12/9-10/2009 TGDC Meeting Alternatives to Software Independence Nelson Hastings National Institute of Standards and Technology
The VVSG 2005 Revision Overview EAC Standards Board Meeting February 26-27, 2009 John P. Wack NIST Voting Program National Institute.
National Institute of Standards and Technology
Monitoring and Evaluation Systems for NARS organizations in Papua New Guinea Day 4. Session 12. Risk Management.
Data Architecture World Class Operations - Impact Workshop.
Presentation transcript:

Improving U.S. Voting Systems Security Breakout Session Improving U.S. Voting Systems Andrew Regenscheid National Institute of Standards and Technology

Security Breakout Charge: What should go into the security sections of a next- generation VVSG? What are your priorities? What problem areas or threats concern you most? Session participants discussed questions in 5 subgroups before returning as a group. TGDC Meeting July 20 – 21, 2015 Improving U.S. Voting Systems 2

Topic Areas Monitoring/Logging Physical Security Documentation Risk Management TGDC Meeting July 20 – 21, 2015 Improving U.S. Voting Systems 3 Auditability Access Control Software Security Data Security

Major Themes Risk Management Auditability Communications TGDC Meeting July 20 – 21, 2015 Improving U.S. Voting Systems 4

Risk Management Clear interest in risk assessments in voting systems Participants believed this would: Encourage security from the start Allow for higher-level, more flexible requirements. Have the greatest impact on security Risk assessments could provide election officials with more information for risk decisions But, significant questions remain on implementation TGDC Meeting July 20 – 21, 2015 Improving U.S. Voting Systems 5

Potential Issues Implications of high-level requirements Conformance testing vs. security assessment Repeatability of tests Cost of testing Make-up of security testing/evaluation teams? Who defines the acceptable level of risk (and how)? TGDC Meeting July 20 – 21, 2015 Improving U.S. Voting Systems 6

Auditability Participants recognized importance of auditability, but desired flexibility to accommodate: Different systems Varying procedures/laws by States Some identified voter verifiability and post- election audits as priority areas Noted tension between security and U&A Future guidelines should align with 2011 TGDC Auditability Working Group report TGDC Meeting July 20 – 21, 2015 Improving U.S. Voting Systems 7

Auditability Working Group Auditability Definition: The transparency of a voting system with regards to the ability to verify that it has operated correctly in an election, and to identify the cause if it has not. “The Auditability Working Group found no alternative that does not have as a likely consequence either an effective requirement for paper records or the possibility of undetectable errors in the recording of votes.” -- Executive Summary of the Auditability Working Group Report TGDC Meeting July 20 – 21, 2015 Improving U.S. Voting Systems 8

Communications Highly contentious topic Some said to avoid telecommunications at all cost Others noted it was a “fact of life,” particularly for reporting Recommendation to revisit requirements for clarity and look for unintended consequences TGDC Meeting July 20 – 21, 2015 Improving U.S. Voting Systems 9

Other Topics (1) Access Control: Important, particularly for tracking access to critical functions/data Software Security: Some desired access to source code Use existing standards for software quality and quality assurance programs How can the program accommodate timely patches for vulnerabilities/bugs? TGDC Meeting July 20 – 21, 2015 Improving U.S. Voting Systems 10

Other Topics (2) Data Security: NIST cryptographic standards/guidelines provide building blocks If ePollbooks are used, there are new privacy considerations Monitoring/Logging: Jurisdictions may not know how to use logs effectively A common data format for logs could spur development of tools to parse logs TGDC Meeting July 20 – 21, 2015 Improving U.S. Voting Systems 11

Questions TGDC Meeting July 20 – 21, 2015 Improving U.S. Voting Systems 12