This past Thursday evening Viakoo participated in a great event hosted by CapitolSec 2020 in Sacramento – a “pitchfest” where multiple technology companies came to share ideas in front of a judging panel on how their technology could be used to improve the security of election systems. While we’re proud that we were awarded as the winner based on having the most compelling technology solution to this problem, the more important takeaway is that solutions for IoT service assurance and cyber hygiene are needed for broad societal issues, not just commercial or industrial applications.
The nature of any electronic system, whether IP-connected or not, is that the security of such systems must be actively defined and managed. Hackers have found methods to penetrate even air-gapped systems, so without question there will be attack vectors developed to hack voting systems. As a leader in physical security service assurance and cyber hygiene, some of the lessons Viakoo has learned along the way can be directly applied to security in a broader sense, including election system security.
Let’s start by looking at the nature and scope of the problem. There currently are 18 approved vendors of electronic voting systems. Devices from these 18 vendors are connected to networks which may be comprised of multiple vendors of routers, servers, operating systems, storage adaptors, and storage devices. In other words, the complexity of such networks presents virtually infinite permutations of possible paths that data may travel through. This is exactly the situation Viakoo’s solutions were designed for.
In addition to the underlying infrastructure, securing election systems also requires cyber security solutions which do not require direct or live access to the election system itself. To address this need solutions must incorporate digital twin or similar approaches to sense and measure possible anomalies that would signal cyber breaches or other impacts. Likewise, because of the distributed nature of election systems and minimal technical support and oversight for them automated methods of checking passwords and updating election device firmware are needed (just like physical security systems).
Viakoo’s view is that electronic voting systems are another form of IoT (internet of things), and as such should be guided by security methods being developed and used for IoT. As a warning to “rapid” deployment of electronic voting systems, the recent history of IoT has shown they are very insecure compared to other networked IP-based systems and do not have well-developed methods of service assurance for them. Electronic election systems by their nature must be deployed with a complete and comprehensive service assurance and cyber hygiene capability from the beginning – it’s not something that can be added later.
In summary, a comprehensive approach to election security must incorporate environmental design, IoT service assurance, cyber hygiene, system level process measures, key metrics, and methods of alerting and notification, and other elements. Viakoo believes that security for electronic voting systems must be aligned with NIST and CIS (Center for Internet Security) cyber security protocols, along with continuous monitoring of system metadata (not votes themselves or data stored or transmitted) and environmental design of where voting systems are physically present. In particular, the concept of a “digital twin”, where the operational system can be evaluated in real time with respect to a digital model of that system, can be highly effective in detecting the presence of malware or other methods of impacting the integrity of the voting system.
Whether it’s a IP camera device, a smart sprinkler head, or an electronic voting system, Viakoo’s approach to endpoint security and management helps to accelerate IoT benefits for a wide range of organizations – even large populations like voters.