Bill calls for voting systems to undergo penetration testing
WASHINGTON (CBS19 NEWS) -- A bill before the U.S. Senate aims to strengthen the country’s election infrastructure.
Senators Mark Warner and Susan Collins introduced the bill on Wednesday.
According to a release, the Strengthening Election Cybersecurity to Uphold Respect for Elections through Independent Testing, or SECURE IT, Act would require voting systems that need certification to undergo penetration testing.
This type of testing through simulated attacks lets researchers look for vulnerabilities by trying to attack a system with the same tools and techniques cybercriminals use.
“If we’re going to defeat our adversaries, we have to be able to think like they do. The SECURE IT Act would allow researchers to step into the shoes of cybercriminals and uncover vulnerabilities and weaknesses that might not be found otherwise,” said Warner. “As foreign and domestic adversaries continue to target U.S. democracy, I’m proud to introduce legislation to harness a critical cybersecurity practice that will help safeguard our elections infrastructure.”
Current law under the Help American Vote Act does require the Election Assistance Commission to provide for the testing and certification, decertification and recertification of voting system hardware and software by accredited laboratories.
However, the senators say the existing law does not explicitly require penetration testing of these systems.
This new legislation would also tell the EAC and the National Institute of Standards and Technology to accredit the entities that can perform penetration testing.
And the bill would create a Coordinated Vulnerability Disclosure Program through which vetted researchers would be given access to voting systems by their manufacturers.
The researchers would then look for vulnerabilities and disclose them to the manufacturers and the EAC.
To read the full text of the bill, click here.