• Skip to main content

ITSecurity.org

Technology Security Controls

  • Main
  • Products
  • Services
    • Compliance-Services
      • ISO27001 Compliance
      • ISO22301 Compliance
      • ISO27002 Compliance
      • Data-Protection
      • GDPR
      • PCI-DSS Services
    • Identity and Access Management Services
      • IAM Design
      • IAM Policies & Standards
    • Incident Management Services
      • Emergency Incident Response
      • Forensic Support
      • Incident Response
    • Information Security Services
      • Information Security Consultancies
      • Information Security Governance Services
      • Information Security Policies & Standards
    • IT Risk Management Services
      • Risk Management Framework
      • Auditing
    • IT Security Consulting Services
      • IT Security Governance Services
      • IT Security Policies and Standards
    • Additional Security Services
      • Managed Security Services
      • Mobile Security
      • Network Security Services
    • Physical Security Services
      • Physical Security Reviews
    • Policies and Standards Services
    • Programme and Project Services
    • Risk Management Services
      • Risk Management – Framework
      • Risk Management Acceptance & Waivers
    • Security Awareness Services
      • Security Awareness – Phishing Responses
      • Phishing Responses
      • Security Awareness Training – Rebranded Security Training
      • Security Awareness Training – Generic
    • Security Design Services
      • All Security Design and Architectural Services
      • Cloud Security Review
      • Security Appliance Design and Configuration
    • Security Metrics Services
    • Technical Security Assessment Services
      • Penetration Testing – Our Penetration Test Services
      • Database Security – Databases and Repositories
      • Application Security Code Testing
      • Application Security Services
    • Third-Party and Supplier Assurance Services
      • Third and Supplier Party Assurance Methodology
      • Third and Supplier Party Assurance Review
      • Joint Venture Due Diligence
  • Security Digest
  • FAQ
  • Contact Us

More on the Security of the 2020 US Election

November 23, 2020 by ITSecurity.Org Ltd

Last week I signed on to two joint letters about the security of the 2020 election. The first was as one of 59 election security experts, basically saying that while the election seems to have been both secure and accurate (voter suppression notwithstanding), we still need to work to secure our election systems:

We are aware of alarming assertions being made that the 2020 election was “rigged” by exploiting technical vulnerabilities. However, in every case of which we are aware, these claims either have been unsubstantiated or are technically incoherent. To our collective knowledge, no credible evidence has been put forth that supports a conclusion that the 2020 election outcome in any state has been altered through technical compromise.

That said, it is imperative that the US continue working to bolster the security of elections against sophisticated adversaries. At a minimum, all states should employ election security practices and mechanisms recommended by experts to increase assurance in election outcomes, such as post-election risk-limiting audits.

The New York Times wrote about the letter.

The second was a more general call for election security measures in the US:

Obviously elections themselves are partisan. But the machinery of them should not be. And the transparent assessment of potential problems or the assessment of allegations of security failure — even when they could affect the outcome of an election — must be free of partisan pressures. Bottom line: election security officials and computer security experts must be able to do their jobs without fear of retribution for finding and publicly stating the truth about the security and integrity of the election.

These pile on to the November 12 statement from Cybersecurity and Infrastructure Security Agency (CISA) and the other agencies of the Election Infrastructure Government Coordinating Council (GCC) Executive Committee. While I’m not sure how they have enough comparative data to claim that “the November 3rd election was the most secure in American history,” they are certainly credible in saying that “there is no evidence that any voting system deleted or lost votes, changed votes, or was in any way compromised.”

We have a long way to go to secure our election systems from hacking. Details of what to do are known. Getting rid of touch-screen voting machines is important, but baseless claims of fraud don’t help.

Tags: cybersecurity, infrastructure, national security policy, voting

Filed Under: cybersecurity, infrastructure, IT Security, national security policy, Uncategorized, voting

Contact Us

If there's any way we can help, please let us know
Call: +44 01606 642307