The IT-ISAC’s Elections Industry-Special Interest Group has published a white paper focusing on its first two years of operations.
EI-SIG was formed in August 2018 by elections technology providers who aim to “scale-up information-sharing capabilities and collaboration with IT-ISAC member companies to enhance the security and resilience of voting systems and to ensure confidence in election result,” according to the white paper released Wednesday.
The group held its first “first in-person meeting to discuss coordinated vulnerability disclosure in various industries with guest speakers from the automotive, aviation, and medical industries” in January 2019, and released a “white paper on their efforts to finalize an industry framework for a coordinated vulnerability disclosure program” the following August.
EI-SIG has explored how “a CVDP can help ensure the security of voting systems, how voting system testing and certification processes can support the voluntary adoption of CVD, and steps the industry will take to ensure the quality and effectiveness of the program.” The group also released a request for proposals in September 2019 “to solicit feedback on how crowd-sourced CVD programs could be implemented in the elections industry.”
The white paper says, “The EI SIG remains committed to its established goals, including seeking opportunities for researchers to have access to voting machines as they are deployed in the field. The SIG continues to work through the details of full implementation of such a program, including working with the Election Assistance Commission to ensure protocols are in place to ensure certification of necessary patches can be swiftly implemented.” -- Sara Friedman (firstname.lastname@example.org)