introduction to information technology for election officials · pdf fileintroduction to...

Introduction to Information Technology for

Election Officials

Florida Pensacola FL

August 1, 2017

© 2017

1

Instructors

Merle S. King

Center for Election Systems Kennesaw State University

Brian J. Hancock

Testing and Certification U.S. Election Assistance

Commission

Matt Masterson

Commissioner U.S. Election Assistance

Commission

The opinions expressed in this presentation are solely those of the authors/instructors and not necessarily those of the EAC, Kennesaw State University, or the host election jurisdiction.

2

Course Topics

• Course Intro • Introduction to IT and Systems • Being an IT Manager • Technology & the Office • Election Technology • Procuring IT • Security • Critical Infrastructure (CI) • The Future

3

Yesterday’s Headlines (Nov. 7, 2016)

4

Since the November 2016 Election

5

0.0

21?

7

0.0

21?

8

0.0

21?

9

0.0

21?

10

Ripped from Today’s Headlines!

12

0.0

21?

Introduction to Information Technology for Election Officials Elephants In The Room

14

Introduction to Information Technology for Election Officials Elephants In The Room

• Security of Voter Registration Systems • Security of Voting Systems • Aging Voting Systems • Who’s Going to Pay For the Next System? • Redistricting • Audits/Risk Limiting Audits • Critical Infrastructure • Each of these topics has political, legal and

economic implications. What are the Information Technology issues imbedded in each of these topics?

15

Introduction to Information Technology for Election Officials Elephants In The Room – IT issues

Group Exercise: Many of the challenges faced by election officials are systemic and historical. Improving voter participation and insufficient budgets appear regularly in lists of issues faced by election officials across the country. While many of the issues we face are recurring, others are unique and unanticipated. Each election cycle brings a combination of old and new issues. Work within your group to identify issues that have emerged in the last year that impact your office and its conduct of elections. Identify both the issue and its impact. Is there an Information Technology (IT) dimension to any of these issues? Which (if any) of these issues will be present in the upcoming election cycle(s)? Which have the potential to become permanent or recurring issues? What (if any) mitigations are available to address these issues? Is there an IT dimension to the mitigation?

16

“Everything should be made as simple as possible, but no simpler.”

-Albert Einstein

Information Technology for Election Officials

17

Introduction to Information Technology for Election Officials Core Competencies

In 2017, what are the Core Competencies of an Election Administrator? • Lawyer – must know election law and how it is

implemented within the jurisdiction • HR Specialist – must know how to recruit, train,

compensate and evaluate election workers • Communication Officer – must know how to

compose precise and persuasive communications across a spectrum of platforms

• Accountant – must know how to create operating budgets and make less, go further

18


Core Competencies (cont.) • Auditor – must be able to create and implement

audit programs to identify and correct errors to improve efficiency and effectiveness of operations

• Trainer – must be able to develop and implement training programs for poll workers and voters

• Information Technology Manager – managing large numbers of complex information systems, data, vendors and technical staff

19


• The typical county election official may be managing more technology than the county’s IT department:

• Virtually every aspect of the election officials job is connected to IT.

• What part of an election officials job does not involve IT?

• DREs • Scanners • EPBs • Servers • Desktops • Laptops • Tablets • Printers • Vendors

• Phone systems • Copiers • Fax machines • Smart phones • GIS interfaces • VR system clients • Voter services • Software versions • Contracts

20

+-

Voting System

Ballot Marking System

Administrative Reports

Statewide Election Night Reporting

E-pollbooks

Candidate Qualifying

System VR System

UOCAVA / Ballot Delivery/Return

Voter Information

System

Ballot Printing

(re)Districting Systems

Ballot on Demand

Auditing Systems

Interaction of Voting and Election Systems

Pollworker/ Staff Training Sys.

Voter Authentication System

Barcode Scanner

Absentee Application

Online VR System

Ballot Tracking System

© 2017

Precinct Mgt Systems

Auto VR System

Define Bal. Cap & Tab

Reports Audits

GIS DMV

2.0

2.1 22

Introduction to Information Technology for Election Officials Professionalizing Election Administration

• Every profession, including EA, expects and requires a measure of professionalism from its members

• Professionalism includes attainment of certain competencies, certification of attainment, an expectation of ethical behavior, commitment to enhancing the profession and its body of knowledge, and…

• Demonstration of the Attitudes, Knowledge and Skills, required of the profession…

3.0 23


Attitudes • Flexibility – ability to accommodate change with little

notice – adapt and overcome • Resilience – not easily daunted by criticism or attacks • Determination – see the task through to the end, in spite

of resource and support issues • Stick-to-it-iveness – never, ever, give up • Willingness to listen and incorporate multiple points of

view into decision making process • Confidence and self-assurance • Deliberate in decision making – decisions require follow

through and have consequences

3.1 24


Attitudes (cont.) • Election administration is a profession, and as such, is

subject to appropriate public expectations of performance, competencies, transparency and accountability

• Election administration requires the adherence to ethical behavior that enhances the credibility and transparency of election outcomes

• Elections offices are results driven organizations • Voters are “customers” and are entitled to customer service

expectations • Election officials are IT managers and all that entails

3.2 25


Knowledge (IT) • Sufficient knowledge of IT and supporting processes

to make informed decisions • Knowledge of fundamental IT terminology • Knowledge of how IT supports Election

Administration • Knowledge of dependencies on IT within the scope

of the elections office • Knowledge of election technologies, both within and

external to the election jurisdiction

3.3 26


Skills (IT) • Able to recruit, select, and supervise staff with IT

skills • Able to evaluate IT alternatives and justify selection • Able to evaluate risks and mitigation strategies

associated with IT • Able to integrate IT planning into overall election

planning • Able to communicate effectively with IT vendors and

participate in decision making processes

3.4 27


Skills (IT) (cont.) • Able to review IT RFPs and contracts, ask meaningful

questions and make informed decisions • Able to evaluate IT audit plans and understand the

significance of IT audit reports • Able to use and/or direct the use of IT within the

scope of the elections office • Able to communicate the role of IT within the

elections office to county IT staff, supervisory boards, and the media

3.5 28

Introduction to Information Technology for Election Officials IT Concepts

IT Concepts

• Systems are ubiquitous • A system is a collection of unified components that

transform inputs into outputs • Systems may consist of subsystems • Systems have controls that monitor the inputs and

(especially) outputs to determine correctness of operation • Consider the following systems:

• Voter registration • Voting • Election night reporting Consider the inputs, data transformations and outputs of each system

• How is a voting system, different from a voting machine?

4.0 29


• The three primary subsystems in a voting system: • Hardware • Application Software • System Software

• COTS – Commercial Off The Shelf components • COTS components may include printers, tablets,

PCs, cables, storage devices, keyboards, etc. • How do propriety components differ from COTS? • What is a system integrator? • What are the relative strengths and weaknesses of a

COTS implementation?

4.1 30


• Program - synonym for software • Software - set of instructions that control the actions of the

information technology • Source code - human readable instructions before they are

compiled or interpreted by the computer system • Object code - compiled version and is what is actually stored

on the system • To modify the software used by the system, you must have

access to the source code and be capable of “re-programming” the source code

• Open source code is a description of public software routines that can be integrated into a system

• Why is software escrowed? • Are open source systems better than propriety systems? • How difficult is it to read and understand source code?

4.2 31

• Html source code from a web page… <!doctype html> <html> <head> <meta http-equiv="Content-type"

content="text/html; charset=utf-8" /> <meta name="keywords" content="" /> <meta name="description" content="Author: George Vrakas" /> <title>10 Inspirational Quotes for Procurement </title>  <script src="/site_media/js/jquery.tools.min.js"></script>  <link rel="stylesheet" href="/site_media/css/960/960.css" type="text/css" />  <link rel="stylesheet" href="/site_media/css/960/reset.css" type="text/css" />  <link rel="stylesheet" href="/site_media/css/global.css" type="text/css" />

4.3 32

Introduction to Information Technology for Election Officials Data, Information and Systems

Data – digital representation of fact or phenomena • 45 • Smith

Data is “typed” (character, numeric, etc.) and has attributes Information – Data with context. Used to support problem

solving or decision making • Voter’s house number: 45 • Voter’s last name: Smith

Information Systems store and convert data into information Information Technology is the hardware and software used to

implement information systems VR systems, voting systems, electronic pollbooks – it’s all IT.

33

Being an IT Manager “The first rule of any technology used in a business is that automation applied to an efficient operation will magnify the efficiency. The second is that automation applied to an inefficient operation will magnify the inefficiency.”

- Bill Gates

34

• Election Officials must view themselves as complex IT system managers (because their bosses – the voters - do) – How does each decision impact the process and

protection of data? – Every aspect of election administration should be

viewed through the lens of the the integrity of the process(es).

– EOs must understand the systems in the office in order to make best decisions

– What is the relationship between the IT and Organizational strategic goals?

6.1

Introduction to Information Technology for Election Officials IT Manager

35


IT Management Example: Election Continuity

•Also called Disaster Recovery Plan or Contingency Plan •Goal – allow the election to continue without disruption and without compromising integrity of the outcome •IT disaster recovery

•Know where data is, who “owns” it, and its role in the election •Backups are only effective if recovery is possible

•Procedures change over the life of the election •Once L&A begins, the database must be preserved •Blank ballots are different than voted ballots

6.2 36


Election Continuity (cont.)

•Alternative processing locations must be “certified” in advance •Social media strategy used to inform voters, media •Communications must be preserved!

•The first casualty in a disaster is the plan •Personnel Issues •Chain of custody of ballots, media, documentation •Coordinate with county EMS •Who needs to be involved in election continuity planning in your county?

6.3 37

• Data is at the core of elections

• Data Integrity in its broadest meaning refers to the trustworthiness of the information over its life cycle

• Must be able to DEMONSTRATE the integrity of the data

• Who owns the data? Who establishes standards of care? Who has custodial responsibility?

Introduction to Information Technology for Election Officials Data Integrity

7.0 38

Technology & The Elections Office

“The real problem is not whether machines think but whether men do.”

- BF Skinner

8.0 39

• Timekeeping/Payroll System

• Project Management Software

– Designed to set touchstones and dates and work towards those

– The 1 thing you can’t get back in elections is…

– Need to have a way to track everything

– Identify slack and concurrency

• Pollworker module of VR System

8.1

Introduction to Information Technology for Election Officials Technology and the Elections Office: Personnel Management

40

• Internet – Global, public network of servers and computers – Accessed via an ISP – Every device has an address – Security always a concern

• Intranet – Within the office or state/county network – Does not go out over the Internet – Security still a concern

• How do you know one from the other?

8.2

Introduction to Information Technology for Election Officials Technology and the Elections Office: Networks

41

• Keep voting machines, EMS, routers off of the Internet

• Understand your relationship with county IT staff – Do you know your County IT Staff?

– What impact could they have on election day?

• Sneakernet is your friend – Preserve chain of custody of media

• Color coding cables can help

• Periodic penetration tests and scans – Vulnerabilities; open ports

• Firewalls

42 8.3

Introduction to Information Technology for Election Officials Technology and the Elections Office: Networks

• Protect against viruses, spyware, ransomware and other malicious code

• Establish/adopt/implement security practices

• Educate employees and pollworkers

• Make backups of all essential data

• Control physical access to computers

• Avoid social engineering and phishing attacks

• Managing passwords

43 8.4

Introduction to Information Technology for Election Officials Technology and the Elections Office: Cybersecurity

• Effective tool when used properly • Know the various platforms and what they are

best used for: – Website – Facebook – Twitter – Blogs – Linked In

• Vulnerabilities and liabilities • Must have social media policies

8.5

Introduction to Information Technology for Election Officials Technology and the Elections Office: Social Media

44

The elections office website is their public “face”. • What does it communicate about your office?

The top 5 questions voters want answered: • What is on the ballot?

• How do I get an absentee ballot and when is it due?

• Where do I vote?

• How do I register to vote?

• Who is In office now?

Visit http://civicdesigning.org/fieldguides/

8.6

Introduction to Information Technology for Election Officials Technology and the Elections Office: Websites

45

http://civicdesigning.org/fieldguides/

http://civicdesigning.org/fieldguides/

8.7 46

8.8 47

8.9 48

Twitter Examples

8.10 49

Benchmarking

“It is a capital mistake to theorize before one has data.”

- Sir Arthur Conan Doyle

9.0 50

A means of improving performance by:

• Measuring what you are doing

• Comparing results with

–Other jurisdictions,

–Professional standards, and/or

– Yourself over time

• Using the information to improve performance

9.1

Introduction to Information Technology for Election Officials Benchmarking

51

Using Benchmarks to communicate with… • Budget authorities • Political parties • Advocates • Policy makers

– State CEOs – Legislators – Congress – Boards and Commissions


9.2 52

Using benchmarks to demonstrate what?

• Effectiveness, we are doing the right things

• Efficiency, we are doing things right (for the least expenditure of resources)

• Impact of changes in policies, procedures, resources, etc.

• Needed changes


9.3 53

Measuring and Demonstrating Effectiveness

• Contra Costa County, CA, was concerned with the rejection rate for absentee ballots

• Measured absentee ballot rejections

• Analyzed causes

• Put flyer explaining causes on colored paper in instructions June 98

• Refined flyer afterwards

Introduction to Information Technology for Election Officials Benchmarking: Effectiveness

9.4 54

NOV 96

JUN 98

NOV 98

MAR 00

NOV 00

1%

2%

2%

3%

3%

4%

4%

5%

REJECTED ABSENTEE BALLOTS

CONTRA COSTA COUNTY, CA

9.5 55

Increasing Efficiency

• Maricopa County AZ compared the cost of online voter registration with paper registration and found an average savings of $.80 per registration.

• Calculated savings were:

– $206,779 in 2006

– $370,323 in 2008

9.6

Introduction to Information Technology for Election Officials Benchmarking: Efficiency

56

Creating Impact on elections operations

• Sacramento County faced a cut of 46% in its 2009-2010 general fund budget.

• With detailed financials records county was able to project impacts such as:

– Cut of about 50% in number of polls

– Elimination of bi-lingual election material resulting in non-compliance with VRA

– Not mailing sample ballot pamphlets to each voter

• Proposed cuts were from 46% to 7%.

Introduction to Information Technology for Election Officials Benchmarking: Impact

9.7 57

Improve budget justification and approval processes

• Improve efficiency, learn how to do the same thing with less money

• Demonstrate efficiency, show budget authorities that you are already being economical

• Demonstrate impact, show budget authorities the results of cuts

– Must have credible documentation over time.

Introduction to Information Technology for Election Officials Benchmarking: Impact on Budget Process

58

Election Technology

"Any sufficiently advanced technology is indistinguishable from magic."

- Arthur C. Clarke

59

• Different voting systems present different IT challenges

• Understanding your system is crucial to your success

• Voting system is one of several systems prepared concurrently for the election – think portfolio

• Voting systems are systems – not machines

Introduction to Information Technology for Election Officials Voting Systems

10.1 60

What is a Voting System?

• Total combination of equipment and components used for:

– Ballot Definition

– Vote Cast &Capture

– Vote Tabulation

– Reporting & Displaying Results

– Maintain and Produce Audit Trail Information

10.2


61

Voting System Election Life Cycle

• Storage

• Maintenance

• Status and evaluation of consumables

• Pre-election testing & preparation

• Sealed and stored (until election)

• Deployed

• Opened (for election) – For advanced voting or election day

10.3


62

Voting System Election Life Cycle (cont.)

• Execution of election

• Closing of election

• Tabulation

• Canvass

• Recounts

• Audits

• Storage

10.4


63

Voting System Election Life Cycle (cont.)

• IT management concerns – Maintenance of custody

– Logs

– Documenting anomalies and capturing error messages

– Documenting failures and maintenance issues

– Monitoring environmental factors that can impact deployment • Turnout

• Polling location changes

10.5


64

Direct Recording Electronic (DRE)

10.6 65

Precinct Count Optical Scan

10.7 66

Central Count Optical Scanner (commonly used in Vote-By-Mail jurisdictions)

10.8 67

Ballot Marking Devices

10.9 68

Assistive Technologies (AT)

10.10 69

Electronic Ballot Delivery/Return

• MOVE Act – requires states to transmit validly-requested absentee

ballots to UOCAVA voters no later than 45 days before a federal election

• Electronic return – Email attachment

– Fax

– Kiosk

– Internet


70

Testing Voting Systems

• Certification Testing

• Acceptance Testing

• L&A Testing

• Validation Testing

• Volume/Load Testing

• Forensic Testing

• Post-Election Audits

Introduction to Information Technology for Election Officials Voting Systems Testing

71

Certification Testing

• Purpose to establish baseline functionality, accessibility, and security of systems

• 2 main certification venues:

– EAC Testing and Certification Program

– State Certification

• Is there a place for local certification testing? If not, what role can locals play?

10.13

Introduction to Information Technology for Election Officials Voting Systems Testing: Certification Testing

72

VSTLs

• Voting System Test Labs (VSTLs)

• Privately owned testing laboratories that test voting systems (and other election systems) for conformance to the Voluntary Voting System Guidelines (VVSG) or to other requirements, including individual state requirements.

• VSTLs are periodically reviewed for conformance by the EAC and the National Voluntary Laboratory Accreditation Program (NVLAP) administered by the National Institute for Standards and Technology (NIST).

• In 2017, there are two accredited VSTLs.

10.28 73

EAC Testing and Certification

• Test voting systems to the Voluntary Voting System Guidelines (VVSG)

• Conformity Assessment

• Certify a certain system in a very specific configuration

• Provide state and locals with systems that have a certain level of performance (HAVA level)

• Quality Monitoring Program

10.14

Introduction to Information Technology for Election Officials Voting Systems Testing: Certification Testing

74

What EAC does not currently test

What EAC does not currently test:

• Voter Registration Databases

• Ballot on Demand Systems

• Pollworker Usability and Accessibility

• Electronic Pollbooks

• Blank Ballot Delivery Systems

• Online Ballot Marking Systems

• Election Night Reporting Systems

75

State Certification Testing

• States take a variety of approaches to certification

• Ideally states are certifying systems to meet state/local specific needs. Various models:

– Florida Certification

– Ohio Certification

– Nebraska Certification

76

Acceptance Testing

• Test conducted to determine if the requirements of a contract are met

• Conducted prior to formally accepting a product as part of a contract

• Goal is to make sure EACH unit delivered works as intended and is identical to certified system

• Should be conducted after purchase and after maintenance/repair

• Who is responsible for conducting the AT?

10.17 77

Pre-Election Testing

Defined:

The systematic pre-election testing of every ballot style and every component of a voting system

Purpose:

To demonstrate that the ballot is accurate and that votes cast will be properly tabulated

10.18 78


Confidence:

To permit candidates, parties and the public to review ballots and election definition programming.

Also, gives all parties including election official confidence that system will work on election day.

10.19 79


• Testing accessibility components

• Alternative language components

• Operational readiness of all components, including connectivity

• What does a successful L&A test affirm?

• Last, best chance to identify and correct anomalies in both ballot and systems

10.20 80

Validation Testing

• Test run to validate fielded voting system against what is certified to be used

• Several states now imposing large penalties for fielding non-certified system

• Run software against a trusted build of the certified system

• Hashing = turning larger code strings into expected value and checking

10.28 81

Hash Codes and Validation

Hash Function A hash function is any function that can be used to map data of arbitrary size to data of fixed size. The values returned by a hash function are called hash values, hash codes, hash sums, or simply hashes

Voting system object code is “hashed” so that installations can be validated as identical to the certified version.

10.28 82

Volume/Load Testing

• Also known as stress testing

• Designed to push limits of the system to make sure it can handle election load

• Also want to see what happens when you pass the limit – exception handling

• EAC tests and establishes limits for its systems

• CA requires a large number of systems to be tested with a certain amount of ballots

10.28 83

Forensic Testing

• Almost always associated with a legal process or formal investigation

• First step is to maintain the integrity of the investigation. “Secure the scene”

• Help support the investigators though chain of custody & system documentation

10.28 84

Basic Forensics

• Be aware of logs and other information available on election equipment, EMS servers, routers

• Understand what these files contain

• Investigate this information before a problem occurs

85 10.28

Root Cause Analysis

• System of analyzing a problem to identify not only how a problem occurred, but why it occurred. – Root causes are specific underlying causes – Root causes are fixable – Root causes can be identified – Root causes have effective mitigations to prevent the

problem from reoccurring.

• Example:

– Red button, green button….

86 10.28

Post-election Audits

• Some states mandate audits; some don’t

• Audits are a great opportunity to evaluate all of your processes not just equipment

– Pre-election process

– Ballot design & printing

– Election programming

– Accessibility

– Absentee processing

87

• HAVA created a mandate for a SWVRS

• States vary on implementation of database – Top down vs. bottom up

• NVRA presents huge data entry issue (for most states)

• Have several different points of input – BOE

– BMV (or DMV)

– DOH

Introduction to Information Technology and Information Systems Voter Registration Systems

88

Voter Registration Software • Address/street file • Districts, precincts, census tracts • Voter registration module

– Party affiliation – Voter history – Absentee ballot history (ballot sent, replaced,

returned, etc.) – Correspondence sent, returned – History of changes to voter record – Active/Inactive voter status – Voter registration application images – Voter signatures

11.0 89

Voter Registration Software • Absentee Ballot module

– Permanent absentee voter?

– In person or vote by mail

• When, for what reason?

• Method of voting by election date

• Location of in person voting station

– Voter history

• Provisional ballot cast?

• Regular ballot cast?

– By type, by election

– Type of ballot issued

• Party affiliation, ballot style?

• Replacement ballot issued?

11.1 90

Voter Registration and Database Management Basics

• Know your roles

– Who controls the entry of information?

– Who does QA?

– Database is only as good as the data in it

– Know the process from all sources

– Data integrity is dependent on what should be in list and would shouldn’t i.e. list maintenance

– Normalization

11.2 91

Voter Registration System Security*

• Access Control - only authorized personnel should have access to the voter registration database. Each person with authorization to the database should only have access to the data and information necessary for them to perform their job duties.

• Auditability - the database should have sufficient logging capabilities, including who has made modifications, the nature of the modifications, the authority to make those modifications, and to determine if there has been any unauthorized or inappropriate activity.

• Detection – use an intrusion detection system and monitor the incoming and outgoing traffic for signs of irregularities, such as multiple log-in attempts, above average traffic, large amounts of data being transmitted, etc. If detected have a response and mitigation plan in place.

* U.S. Election Assistance Commission “Checklist For Securing Voter Registration Systems

11.3 92

Voter Registration System Security

• Data Backups – the database should be backed up routinely. If any unexpected modifications to the data were to occur, the database could be restored to the last known state prior to the unexpected modifications. The ability to perform backups and restores should be tested and validated.

• Data Suppression – any data provided to outside sources is suppressed to only contain the data necessary for that entity to perform its legally authorized functions.

– if an entity wants to obtain a copy of the data files to determine where specific voters live for GOTV campaigns, it does not need data field containing ID numbers and therefore, the additional information should not be provided.

• Remote Access Control – only allow remote access through secure networks, such as Virtual Private Networks (VPN).

11.4 93


• Encryption – encryption should be used throughout, including but not limited to encrypting the database, server, backups, any files used for distribution, all data transmission and communication.

• Firewalls – implementation of the proper use of network firewalls for the environment in use. Unauthorized access (or attempts to access) to the data should be detected, prevented, reported and escalated.

• System Interconnection - do not connect the voter registration database to any other information system that is not required for its use. When the voter registration system is required to be interconnected with another information system make sure the necessary security controls are in place for each system individually, as well as the communication channel between the systems.

11.5 94


• Documentation - when data is obtained from an authorized entity, make

sure to maintain documentation on who was provided the information, for what purpose, and what information was contained within the data set. If data is inappropriately distributed, it will be easier to determine the source distribution.

95

Characteristics of Peripheral Systems

• (May) Not be subject to Certification

• Innovative

• Flexible

• Non-Traditional Vendors

• Interoperable (maybe)

• Non-election companies getting into the space

• COTS (probably)

96

Peripheral Systems

• Interconnect to the voting system, VR system, or both

• Include • Ballot On Demand • Election Night Reporting • Ballot Marking Devices • Electronic Pollbooks

11.8 97

Managing Peripherals

• Test, Test, Test

• Understand dependencies between systems

• UOCAVA online ballot markers

• New technology = risk and uncertainty

• New technology = training

• Extra research into the stability of the company

• Configuration management

• Not usually plug and play (in spite of marketing pieces!)

11.9 98

ePollbooks

• Come in a variety of shapes and sizes – Could be just software

– Could be hardware and software with ballot activation

• Must be tested

• Typically stores entire county’s voter list

• May store state electors list

• May be capable of real time updates – EPB-to-EPB

– EPN-to-VRS

• Poses data management advantages and disadvantages

12.0 99

Ballot-on-Demand

• Typically modified COTS printers that are able to print on ballot stock

• Vendors take a basic printer and mold it to fit elections (feed mechanism)

• Must test BOD ballots as part of L&A testing

• Compatibility with VR system and scanners has been a problem

13.0 100

Election Night Reporting

• Seems as simple as election night data being displayed on the website

– Keep in mind you are moving data from one place to another… MANAGE THE DATA!

• Powerful tool to communicate with media and public

• Promotes idea that election night results are THE RESULTS – but not the official results

14.0 101

Ballot Marking Devices

• Originally used for ADA compliance as a way to have “accessible” paper ballots

• Expanding:

– UOCAVA Ballot Marking Wizards

– Oregon iPad experiment

– MD considered using for absentee

• How does voter intent get captured?

• Interoperability

Procuring IT “You need to understand what you are buying, and why, how it will affect your business, and what the potential risks are. That detailed understanding may be beyond the scope of a procurement department.”

– Owen Williams

103

IT Procurement

1. Know the technical and legal definition of the system you intend to acquire

2. Know the roles and responsibilities of all stakeholders in the decision making process

3. Attempt to determine the true cost of

ownership of a system you plan to acquire

4. RFIs, RFPs, and Contracts are your best friend

17.1 104

IT Procurement

5. Changing out an election system has to occur while you are conducting elections on your old system. Changing a voting system is like changing tires on the bus...without stopping

6. The largest investment you will make is education and training.

7. What is the required life span of the new system?

17.2 105

IT Procurement

8. All election systems have some degree of adaptability – know what is required now and in the future. Don’t build obsolescence into the system.

9. Have a vendor management strategy.

10. Know the Known Unknowns. There is a large and growing body of knowledge about emerging trends in election administration and the risks and threats to the integrity of elections.

17.3 106

Accessibility “When speaking of disabilities, the blind and their needs are most often used as an example. It is deceivingly simplistic since accessibility is something most of the population can benefit from.”

-Marcus Osterberg

18.0 107

Accessibility is the extent to which an election system or its component can be accessed and effectively used to accomplish its purpose.

Accessibility is a measure of the usability of election systems by users with disabilities that include no vision, low vision, hearing impairment, mobility impairment, cognitive impairment and other disabilities.

18.1

Introduction to Information Technology for Election Officials Accessibility: Definition

108

• 1973 Rehabilitation Act § 504

• 1990 American With Disabilities Act

• 2002 Help America Vote Act

– Polling Places

– Systems provide independence and privacy

• State statutes

18.2

Introduction to Information Technology for Election Officials Accessibility: Laws

109

• Visual – Text-to-audio readers – Screen and text magnifiers – High contrast

• Motor – Sip-and-puff – Paddles and buttons – Wheel chair access

• Hearing – Amplification

• Cognitive – Tutorials – Memory aids – Writing style

Introduction to Information Technology for Election Officials Accessibility: Technologies

110

Challenges to Better Security in U.S. Elections: The Last Mile

“Distrust and caution are the parents of security”.

- Ben Franklin 111

Introduction

112

• Election history is cumulative and repetitive – no issue ever goes away • 2000 – Interpretation of voter intent and ballot design • 2004 – Emergence of DRES and concerns of vote tampering • 2008 – Voter ID • 2012 – Long lines • 2016 – Cybersecurity

• A quick web search of the strings “cybersecurity” + “elections” = over 12 million hits

• Pages, videos, blogs will be there in 2020 and beyond for rediscovery, recirculation, and interpretation by partisans, activists, and commercial interests.

Challenges to Better Security in Elections

113

• Cybersecurity concerns will stalk future elections and campaigns and become part of the fact and fiction of election lore

• It will also become integral to election clean-up legislation and preparation

• State level • Statute, rule revision • Contracts • Policies and procedures

• Local level • Review policies and procedures for securing systems • Double down on what they

• Know how to do • Can afford to do • Have time to do


114

• Federal level • Changing roles for Federal agencies like DHS and EAC

• Creating effective, uniform, and scalable policies at federal and state levels is not easy, but perhaps doable.

• Securing the “last mile” – the domain of the local election official, may be our greatest challenge.

• This last mile leads from state systems to thousands of election offices scattered throughout the U.S.

• Security is not new to local election officials, but cybersecurity may be.


115

• LEOs are still transitioning from focus on paper-based and physical security practices to cyber-based • Locks to login access • Seals to encryption • Paper logs to digital logs • Manual audits to computerized audits

• Designing better cybersecurity policies for election offices begins by better understanding what makes the last mile distinctive

• Securing elections’ last mile will not be easy, cheap, or fast.

The Last Mile

116

1. Election Administration is Distributed and Heterogeneous • One federal certification authority/standards • Two VSTLS • Seven voting system vendors • Fifty-five SVRS • Hundreds of election system and service vendors • Thousands of counties • Ten thousand election jurisdictions • Hundreds of thousands poll workers and volunteers

• Systems are not uniform • Policies are not uniform • Resources are not uniform • Skill sets are not uniform

The Last Mile

117

2. A Chain is as Strong as its Weakest Link • Over 600K bridges in the U.S. • 11,451 in Florida

• If maintenance is only done where it is best afforded, then our highway infrastructure and functionality is compromised.

• Securing login and credential access in large, technologically sophisticated counties may not improve the overall security of our systems.

• Cybersecurity election vulnerabilities may be concentrated in medium to smaller counties • Many elections determined by small number of votes

The Last Mile

118

3. Follow the Law - and the Law Requires Accessibility • Election officials are trained to follow vetted rules and

procedures – not improvise. • Legal accessibility

• Rehabilitation Act, ADA, HAVA • Political accessibility

• Access to polling locations, services, the ballot • Last-minute introduction and implementation of

cybersecurity procedures are problematic at best; impossible in many cases.

• Election technologies may be locked down months in advance of an election

• Training – scope, topics, and recipients, is dictated by code, rule and practice

The Last Mile

119

4. Static Testing in a Dynamic World • Testing of voting and election systems make assumptions

about the static nature of risks • Long history of human-generated errors are

anticipated and mitigated • Tabulation • Capturing voter intent

• L&A testing is formulaic • Acceptance Testing will mirror strengths and

weaknesses of certification testing

The Last Mile

120

5. LEOS are IT Managers, But are They Cyber Warriors? • LEOS are managing extensive technology portfolios – but

are dependent upon • County IT resources • Vendors • State-level support

• Cyber Warrior – “An IT professional engaged in the infiltration or sabotage of IS, or the defense of IS against outside attack.

• Cyber Warriors typically have substantial academic preparation and persistent professional development activities

• Salaries in low $100K vs. low $30K for election officials • The same workstation uses to validate and update SVRS

records, doubles as an Amazon.com shopping portal and gallery of grandchildren photos on Facebook.

The Last Mile

121

6. Legacy Systems are Secure Against Legacy Threats • Voting Systems perform legacy functions – vote capture

and tabulation • Innovation has not, and for the most part, cannot directly

touch these core functions • Cybersecurity is a goal with moving targets and moving

methods to hit those targets. Testing methods must reflect the dynamic environment dictated by cyber threats

• Voting systems are resistant to the kinds of updates that define modern technology maintenance

The Last Mile

122

7. There is No Downtime to Reconfigure Systems • Elections are continuous, with overlapping start and stop

points • Many states have published election calendars – but then

augment with “specials” • An election is typically 120-day event (90 days prior and

30 days post) • There is no convenient downtime where systems can be

pulled, updated, tested and returned to service

The Last Mile

123

8. Election are Vendor Supported – in Profound Ways • The involvement of vendors in elections is deep and

varied • Manufacture systems – hardware and software • Provide support - prepare elections, L&A, conduct

elections, print ballots, mail ballots • Audits • Support SVRS • The LEO is often a manager of a portfolio of vendor

contracts • Vendors have built their service and QA models around

the needs and resources of their customers – not around more abstract goals of cybersecurity. Focus in on affordable, predictable service with attention to the needs of the LEO – including confidentiality

• These vendors work at “election speed” • May not have Cybersecurity DNA

The Last Mile

124

9. Elections Move at Their Own Speed • The election calendar is established by law • They start as glaciers and end as raging rivers • Once they begin, short of a court order, they will proceed • Hardening a component, once an election begins, may

not legally permissible or operationally feasible • There is never a “good time” to address election issues –

you are either too early, or too late.

The Last Mile

125

10. Elections Focus on Detection and Correction Controls – Not Preventative Controls

• Preventative Controls – methods of preventing anomalies from occurring can be expensive and require predictive knowledge. This is why your workstation malware 1) costs money, and 2) is updated frequently

• LEOs have traditionally relied upon paired detective and corrective controls – things like broken seals. Identify that an anomaly has occurred, isolate the anomaly from the election, correct with after-event mitigation

Future Efforts

126

•The highly distributed nature of elections and voting system deployment makes hacking voting systems difficult; It also does not prevent erosion of public confidence in systems and outcomes. The battle to secure systems is being fought on several levels:

•Technological – working with vendors to build better, more secure, more auditable systems •Operational – working with states and counties to improve awareness and training of work force in order to establish a baseline of security •Communication – Sharing usable information in timely fashion to prepare election officials and communicate risks to public and to campaigns •Social and psychological – maintaining confidence in systems and processes will maintain confidence in outcomes. Transparency of process. •Cyber defense – Coordinated efforts between states, vendors and DHS to prevent and detect intrusion and have rapid incident response.

Future Efforts

127

• Given our new reality is there a need to reevaluate the election system risk profile?

• NIST Cybersecurity Framework could provide outline for risk assessment and mitigation

• Allows IT operators to raise risks and possible mitigations to executive decision makers to make risk choices • Concern from some states that it could be used as a leverage point for additional regulation from federal government

• Election officials are natural risk managers but may need assistance in determining new risk environment.

• State testing officials may be best positioned to identify and communicate new risk environment

• Human element still remains biggest risk in process.

Conclusions and Next Steps

128

• Training of election officials at all levels – especially locals • Principles of IT • Cybersecurity

• Improve the design, implementation and maintenance of election technologies – with attention to security and cybersecurity

• Make risk based decisions based on new risk analysis of election systems

• Leverage vendor QA processes to better ensure security of their systems & incident response processes.

• Better coordination of local, state and federal efforts including improving the timeliness & distribution of intelligence to election officials

• Build securable systems that integrate procedures

Security

“An ounce of prevention is worth a pound of cure.”

-Ben Franklin

19.0 129

Security Topics

• Definition of security domains

• Risk Management

• Physical Security

– Authentication

– Access Control

– Disposal of Equipment and Data

• Computer Security

130 19.1

Introduction to Information Technology for Election Officials Security

• Information Security

• Physical Security

• Computer (Cyber) Security

• Risk Management

19.2

Introduction to Information Technology for Election Officials Security: Domains

131

Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.

132

Introduction to Information Technology for Election Officials Security: Information Security

19.3

The component of information security that results from all physical measures necessary to safeguard a site or equipment, and thereby the data, from unauthorized access, use, or modification. This also includes protections from electrical and environmental (fire, smoke, temperature, etc) damage or destruction.

133 19.4

Introduction to Information Technology for Election Officials Security: Physical Security

The component of information security that results from providing logical protections to safeguard networks and data, including mechanisms such as encryption, integrity, and availability mechanisms.

134 19.5

Introduction to Information Technology for Election Officials Security: Computer Security

Defense in Depth

19.6

Introduction to Information Technology for Election Officials Security

135

Risk Management

The process of identifying, evaluating, accepting, and controlling threats that could exercise vulnerabilities in a system.

Risk cannot be eliminated, only managed.

How do election officials measure risk?

Introduction to Information Technology for Election Officials Security: Risk Management

19.7 136

The Continuum

137

Low High

Security

Risk

High Low

19.8

Risk-Threat-Vulnerability Relationship

138 19.9

Risk-Threat-Vulnerability Relationship

No mitigation

Res

idu

al

Ris

k

19.10 139

Risk Mitigation

140

Low

High High High

Low Low

No Mitigations 1 Mitigation 2 Mitigations

19.11

141

Cybersecurity Risks

• Denial of Service (DDOS)

• Ransomware

• Petya/NotPetya - Wiper

• Stolen Personally Identifiable Information (PII)

• Stolen credentials and login information

• Phishing and Spearphishing

• Disruption

• Doxxing – Publishing damaging information

• Database Targeting/Injection

Authentication

• Define

• Multifactor Authentication

• Passwords

• Tokens

142 19.13

Introduction to Information Technology for Election Officials Security: Authentication

Authentication The process of determining if an entity is who

or what they are claiming to be and has access to the requested resource.

143 19.14

Introduction to Information Technology for Election Officials Security: Authentication

Authentication Examples

144 19.15

Multifactor Authentication

• Multifactor Authentication involves using more than just one method of authenticating an entity

• Two-Factor authentication is regarded as strongly authentication

• The more factors, the better

145 19.16

3 Categories of Authentication Factors

146

Something

you know

Something

you have

Something

you are

19.17

P@$$w0rDs!

• Main method computer driven authentication in use today:

– ATM

– Gas Station

– Facebook

– Voicemail-box

147 19.18

Combinations

148

10 choices/character 9,999

Combinations

256 choices/character 4,294,967,296 Combinations

19.19

Password Study

Password

123456

12345

123456789

Password

Iloveyou

princess

rockyou

1234567

12345678

abc123

149

Findings

30% chose length less than six characters

60% chose alpha-numeric characters only

50% used names, slang words, dictionary words

19.20

Recommendations

• Do not use default passwords • Use different passwords for different accounts • Use different passwords for different people • Use different passwords for different elections • No names or dictionary words

– Example: JaneElection4

• Randomness • At least 8 characters – longer is better. Phrases

even better • Consider a password manager for office desktops

150 19.21

Tokens

151 19.22

Cryptography 101:

The practice and study of techniques for secure communication in the presence of third parties

Introduction to Information Technology for Election Officials Security: Cryptography

19.23 152


19.24 153

• What you need to know:

– Nothing to be intimidated about

– The hard stuff is handled by the equipment

– Need to know how to manage access and sharing of the keys (see passwords)

– Rapidly increasing usage in voting and election systems

– Ask your vendor what is and is not encrypted in your system and what that means


19.25 154

Access Control

• Equipment

• Election Central

• Polling Place

• Warehouses

• Personnel

155

Introduction to Information Technology for Election Officials Security: Access Controls

19.26

Controls ensure the correctness of systems

• Preventative Control – These keep a security breach from happening. Very expensive and designers must accurately anticipate a breach.

• Detective Control – Detects that a breach has occurred

• Corrective Control – Restores system correctness after disruption

156

Introduction to Information Technology for Election Officials Security: Controls

19.27

157

Tamper Resistance Tamper Detection

Delaying physical access to an entity Providing evidence that an entity has been accessed

• Needs to be kept both physically and logically secure at all times. This includes when not under direct human supervision

• Log access to equipment while in storage

Introduction to Information Technology for Election Officials Security: Equipment

19.28

Locks & Keys

• Typically only Tamper Resistance is provided.

• Often can be bypassed without providing tamper detection.

• With 1000 identical keys in a jurisdiction for weak locks, locks and keys should not be assumed to provide a high degree of tamper resistance.

158

Introduction to Information Technology for Election Officials Security: Physical Security

19.29

Seals

• Only provide evidence of tamper detection.

• More effective the more fragile.

• False alarms are typical

• Checking the seal number is key. Without checking, the seal is useless.

• Strong link in the Chain of Custody.

• If a seal is broken – Investigate!

159 19.31

Storage

• Be aware of your environment; – Humidity, salt, fire, heat, sand, dust, cold, snow,

ice, water, flooding (sprinkler systems!)

• Store equipment sealed with a documented chain of custody.

• Store units in a supervised area, CCTV can help – Have enough available space to record before you

need to change storage mediums

160 19.33

Disposal

• Think before you throw away.

• One LEO’s trash is another’s treasure

• Attempt to return unwanted units to the manufacturer.

• Be careful - COTS PC equipment can contain sensitive information.

• Destruction is always safer (PCs, HDDs, Memory Cards).

• Know your county’s IT disposal policies

161 19.34

Disposal

• DREs have archival memory that will contain cast ballot information from past elections. Flash the memory before disposing

• Software is not transferrable. When you sell a piece of used election equipment, you must remove the software (application and OS) before selling

• Do not buy used equipment and assume the software license comes with it!

162 19.35

Polling Place Security

• Be aware access to polling place (entrances and exits)

• Have the ability to view the entire polling place at one time (360 degree view)

• Electronic Devices

• Perception

163 19.36

Election Central Security

• Be aware of access to Election Central locations (entrances and exits)

• Temporary personnel

• Authorized personnel only- Very Complicated

– Badges, lanyards, tags prominently displayed

– If you’re unsure of who a person is; ask.

• CCTV, cameras can help monitor the election office

164 19.37

Personnel

• Separation of Duties

• Role rotation

• Least privilege

• Background checks

165 19.38

Use of Wireless

• Think before you use

• Can provide an unauthorized entrance to election network

• Secure with a strong password

• WPA2 if you must

166 19.39

Portable Computing

• Often contain sensitive information

• Often used in unsafe environments

• Often stolen

• Phones, tablets and laptops are computers

• Backup and recovery

• Can stolen equipment be disabled? Tracked?

167

Incident Response *

• Create an incident response policy and plan - Election officials should be prepared to respond quickly and effectively to a cyber incident. The first step of developing a policy or plan is to identify which events are considered incidents and provide an organizational structure, including roles and responsibilities, for responding to these events. This may also include incidents that occur on systems the organizations uses but are outside of their physical control, such as service-oriented systems provided by vendors.

• Develop procedures for performing incident handling and reporting The incident handling and reporting procedures provide a detailed process for carrying out the incident response policy and plan. (See “Incident Handling Checklist” from the NIST SP 800-61).

* U.S. Election Assistance Commission “Cyber Incident Response Best Practices”

168

Incident Response

• Set guidelines for communicating with outside parties - Election officials should create a communications plan that describes which incidents need to be reported to which outside parties such as the media, law enforcement agencies, and incident reporting organizations. The guidelines should also address the timeframe for this report, as well as identify the members of the incident response team that are integral in implementing the plan, such as public affairs office, legal department, and management

• Select a team structure and staffing model – There are many resources for developing a team structure and staffing model, but the first consideration an organization should make is whether it will create an internal incident response team or outsource it. Organizations should take into account that an incident can occur at any time, response can require specific expertise across a multitude of technical and non-technical sectors of the organization, and these incidents can often be both stressful and costly.

169 19.46

Incident Response

• Establish relationships and lines of communication - between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies). Every incident will require collaboration and cooperation of multiple team members and groups. The relationships and credibility of each team member and group is vital to a successful recovery from an incident.

• Determine what services the team should provide – Having well defined roles for which members and teams will provide what services will facilitate a smoother implementation.

• Staff and train the incident response team - Training staff and the incident response team ensures that the incident response procedures are accurately carried out. Additionally, the training should provide specific details on the transition from incident response to recovery.

170

Securing Election Night Reporting Systems *

• Antivirus Software - run antivirus software. Ensure to update the antivirus software along with all other updates and patches.

• Authentication – enable two - factor authentication for the uploading of results and remote administration of the ENR. Encourage/require the use of strong passwords and proper password management. Shared passwords should be discouraged. Every account should have its own password and passwords should not be written down or placed in public view.

• Backups – if at any point there is unexpected activity or the website becomes unavailable it can be restored to the last known state, so that systems and data can be recovered quickly in the event of an incident. Additionally, if a printed copy (electronic or hardcopy) of the results is obtained during the backup process the printed copy can be provided in the interim, until the ENR system is back up and available. The backup and restore process should be tested and validated.

* U.S. Election Assistance Commission “Checklist for Securing Election Night Reporting Systems”

19.41 171

Securing Election Night Reporting Systems

• Communications Security – use encryption and data integrity to protect communications over any network. In particular Transport Layer Security (TLS) to protect traffic between the client (e.g. web browser) and the server (ENR system)

• Detection – use an intrusion detection system and monitor the incoming and outgoing traffic for signs of irregularities, such as above average traffic, large amounts of data being transmitted, etc.

• Firewalls - use network firewalls to only allow incoming and outgoing traffic that is necessary for the operation of the ENR system. Unauthorized access (or attempts to access) to the data should be detected, prevented, reported and escalated.

• Incident Response Plan - have an Incident Response Plan in place. Know how you and your jurisdiction would respond to incidents that compromise the availability or integrity of the ENR system.

19.42 172


• Media Handling – use clean, dedicated, single-use or write-once media (e.g. USB flash drive, CD/DVD) to transfer data from the voting system to the ENR system. After transferring the data from the media to the ENR system, catalogue the media. This provides an archive of the results uploaded to the ENR system.

• Proof – verify the data being posted to the ENR system match the official results from the voting system. Validate that the results shown on the website match the official results exported from the voting system.

• Test – thoroughly test the ENR system. Include results reporting via the ENR system in the Logic & Accuracy testing to validate that the data is being transferred accurately. Volume and stress test the ENR system and the network to make sure that it has sufficient bandwidth to satisfy (or exceed) demand. A lack of bandwidth may allow for a denial of service attack to take an ENR system down.

19.43 173


• Vulnerability Scanning and Analysis – use software to identify security vulnerabilities on systems deployed in a network. Regular vulnerability scans of the ENR and other systems on the same network can often find points of weakness.

• Update/Patch Software – outdated software is the target of most attacks. Ensuring these are patched with the latest updates greatly reduces the number of exploitable entry points available to an attacker.

• Load Test – In almost every deployment of an ENR system there is an instance of overload of the system leading to denial of service. Test the system simulating extraordinary heavy loads over a span of time.

19.44 174

175

5 things you can do right now

1. Ensure that all aspects of voting system (VS, EMS, Ballot Creation) are not connected to internet… clean media & air gaps

2. Audit your systems, data, processes & procedures

• Pre-election testing, post-election auditing, chain-of-custody, access controls, physical security

• Do what election officials do…

3. Secure your data

4. Develop an incident response & recovery plan

5. Take advantage of all available resources

Critical Infrastructure

“Our prime purpose in this life is to help others. And if you can’t help them, at least don’t hurt them” - Dalai Lama

21.0 176

• Critical Infrastructure: • Modern definition created by the Patriot Act

in 2001 • A designation made by DHS that affects how

resources are allocated to certain fields

•Elections As Critical Infrastructure: • DHS designated Elections to be part of the

Nation’s Critical Infrastructure on January 6, 2017

• Secretary Jeh Johnson signed the order

177

Critical Infrastructure – Where did it come from?

Jan. 6

Election Systems as CI Defined

• In release designating election systems as CI Secretary Johnson outlined election systems as follows: – “By election infrastructure, we mean storage facilities,

polling places, and centralized vote tabulation locations used to support the election process, and information and communications technology to include voter registration databases, voting machines, and other systems to manage the election process and report and display results on behalf of state and local governments”

• Sector: a distinctive group of entities that are cohesive in purpose

– Here: Elections

• Sector Specific Plan: the document that establishes and governs the sector and the information sharing protocols within it

• Sector Specific Agency: the federally agency charged with crafting and administering the sector specific plan.

– Typically DHS. When a subsector is created often DHS and another agency

• Coordinating Council: a group of people and entities, both private and public sector, that help communicate stakeholder perspectives, information, and interests to the SSA.

• Information Sharing & Analysis Center (ISAC) – Entity that can be set up to receive and share various threat indicators & other information & intelligence to the critical infrastructure subsector.

179

Critical Infrastructure – Key Terms

180

The Process

The SSA and the coordinating

counsels work to establish an

information sharing network

The Sector creates its

coordinating counsels

The SSA crafts the sector

specific plan

DHS declares a sector to be

critical infrastructure

Sector Entities Get Priority Access to DHS Resources

EAC Starts Producing Critical Infrastructure Tools and Resources

• What does it mean? – Increased info & intelligence

sharing – Protected information sharing – International norms regarding CI

exist – Prioritization of CI entities for DHS

resources – Tailored best practice documents

for CI area • What doesn’t this mean?

– More money 181

What do we think we know?

•The EAC is: – Currently working with DHS to

help election administrators understand the impacts of the designation

– July 25 Meeting in Albany • Structure of coordinating

council • Sector specific plan timeline • Identifying an ISAC

– Pushing DHS & intel community to more efficiently share info w/ elecction officials

– Starting to produce toolkits and other products to help you navigate critical infrastructure

182

Current EAC Efforts

• CI Scoop – Blog – A new blog every

few days – Covering all topics CI

and elections as CI – Updates on the EAC

and CI

• Documents – 6 page in-depth

overview of Critical Infrastructure and Elections as Critical Infrastructure

– Alphabet Soup of CI

183

Getting the CI Scoop

• Reach out to us with any questions that you have concerning Critical Infrastructure

• Tune-in to CI Scoop • Send an email to:

– Mark Listes at [email protected]

• We have more information and resources about Critical Infrastructure on our website: – Public Hearing between EAC, election

officials, and DHS – Educational Presentations – Presentations by others – Running list of questions from election

officials that we continually communicate to DHS

184

Learn More

mailto:[email protected]

The Future

“My interest is in the future because I am going to spend the rest of my life there” - Charles Kettering

21.0 185

• Precinct-less Voting • Component Based Systems • Virtualization (operating systems) • Hardware Independence • Enhanced Accessibility Mitigation • Hybrid Systems – DRE & Opscan combined • Internet Voting • Next-gen VVSG • COTS Integration • The only thing certain about the future…

Change!

Introduction to Information Technology and Information Systems What’s Next?

21.1 186

Questions?

Brian J. Hancock – [email protected]

Merle S. King – [email protected]

Matt Masterson – [email protected]

Thank You!

187


