Election Infrastructure Security

High-Level Facts About Election Infrastructure Security

  • Voting equipment was contracted and purchased through a reliable past vendor, Dominion Voting Systems.
  • Four points of security back up – primary and secondary USB thumb drive, internal memory, and VVPAT (Voter Verified Paper Audit Trail).  USB thumb drives are encrypted memory devices for enhanced security.   Votes are always stored encrypted and are secure from tampering
  • Access to results storage area is secured behind a secured door with badge access security and monitored by video cameras. 
  • System requires authentication through smart cards which require PIN to unlock the encrypted data on the card.  Three levels of users: 
    • Technician (configures the device and loads election files)
    • Poll Worker (used to open poll and export logs-cannot load election files)
    • and Voter (used only for voting session activation)
  • ICX Primes keep log of all activity on the device.
  • ICX Prime voting tablets are standalone just like the old equipment.  They are not connected to each other, any networks, or Wi-Fi.
  • ICX Prime does not allow any external hardware to be connected to the tablet during official elections other than what is authorized by election officials during the pre- election Logic & Accuracy testing.
  • System does not allow any external information or link and does not allow any other information other than what is authorized by election officials which is preprogrammed into the system.
  • Security controls include access through controlled mechanisms using security credentials and authentication of authorized users.
  • Data integrity and confidentiality of security mechanisms that use NIST approved algorithms for software based encryption and decryption of data.
  • Voter Verified Paper Audit Trail (VVPAT) is still part of the process for our post-election audit. Voters will still have the ability to review their ballot in hard copy form before casting their ballot to ensure accuracy.

How can our Elections be Safe from Foreign Interference

Election security from foreign interference is not a new issue to most organizations, including the York County Elections and Voter Registration Office.  There are many precautions we take which include physical, procedural, and cyber precautions aimed to thwart and negate outside interference in our elections.

 Physical

  • Decentralized systems – voting equipment is stand alone with an isolated server.
    • The server is only accessible by authorized election staff – no other staff has key access to the locked server rack.
    • The election tally room is locked at all times and only accessible through badge access by authorized election staff only – no other staff have unsupervised access to this room.
  • There is no Wi-Fi connectivity on our voting equipment.
  • Tamper evident seals, cable locks, lock boxes, audit trails, logs, and other procedural safeguards are in place and enforced.
  • Paper Audit trails required – post election verification and audits are required and performed.

*Of special note:  Our voter registration database and voting equipment NEVER share data – HOW you vote is never connected or associated with your voter registration.  Your voter record only reflects that you appeared to vote and cast a ballot, not how you voted.

Procedural

  • We have training on the security features of our equipment.
  • Our office conforms to the York County Security Policy.
  • Audits and monitoring are performed before and after every election.
  • A Certification Board participates in and verifies pre- and post-election audits.
  • Backups and emergency plans are in place for quick reaction to any failure or incidents.
  • We perform system maintenance, monitoring, and reviews to watch for anomalies or suspicious activities or behaviors.

Cyber

  • The voting system must meet or exceed federal election standards and must be certified by the Commonwealth.
  • We verify the election tabulation and operating software and firmware for authenticity.
  • York County maintains a well trained and certified Cyber Security team, which uses modern technologies and procedures to help to protect York County’s infrastructure from common cyber threats.  Monitoring, auditing, response, and remediation; both in house, as well as with trusted security partners, are all important parts of those initiatives.

Memberships

Our membership in these organizations gives us access to resources, newsletters, information sharing, white papers, webinars, trainings, threat alerts and notifications, as well as many other resources that are tremendous assets in our efforts to identify and negate any election infrastructure threats.

  • EI-ISAC (Elections Infrastructure Information Sharing and Analysis Center)
  • MS-ISAC (Multi-State Information Sharing and Analysis Center)
  • HSIN (Homeland Security Information Network)
  • CISA (CyberSecurity & Infrastructure Security Agency)
  • CCAP (County Commissioners Association of Pennsylvania)