August 9, 2019
FOR IMMEDIATE RELEASE:
Board of Elections addresses cybersecurity concerns about voting system
Providence, RI: Recent articles in online news publications have raised cybersecurity concerns regarding Rhode Island's voting system and use of modems to transmit unofficial election results on Election Night. Many of the issues raised in the article are inaccurate or outdated. The following Frequently Asked Questions has been created to address the issues raised in the article. An additional Election Systems and Software (ES&S) FAQ regarding the security of transmitting unofficial election results has also been attached to this release.
RI Voting System Cybersecurity - Frequently Asked Questions (FAQ)
Is Rhode Island's voting system online? No. A data communication server, which is separate from the Election Management System (EMS) where votes are tallied, is securely configured to receive only unofficial election results from each DS200 in each of the state's 461 polling places on Election Night. The DS200 encrypts the file containing the results using industry-standard encryption protocols and initiates an encrypted connection to the data communication server. Only the DS200 can initiate this connection, which is initiated as part of pollworker closing procedures. The connection lasts approximately 30 seconds. The article contains an inaccurate diagram labeled Rhode Island EVS 22.214.171.124/126.96.36.199, Rhode Island System Configuration". It is dated October 23, 2015 which is prior to the state purchasing the new voting system in 2016. The diagram was part of an initial proposal by ES&S and does not reflect the current voting system configuration.
Is the data communication server active year-round? No. The data communication server is activated shortly before the polls close at 8 p.m. on Election Night. It is also active periodically during the few weeks leading up to an election for testing or training purposes. For training, a separate server is activated to simulate transmission during classes for pollworkers. At all other times, the data communication server is physically disconnected from the ISP connection. It has not been connected or powered-on since November 7, 2018. Transmission of unofficial election results does not occur for local special elections.
Are official results transmitted through modems? Absolutely not. The morning following the election, all 39 cities and towns, including New Shoreham (Block Island), must transport the encrypted USB drive from each precinct DS200 to the Board of Elections offices in Providence. These encrypted drives are physically loaded into our Election Management System (EMS) to generate official results. These results are compared to the transmitted results from Election Night to identify any potential discrepancies. There were no discrepancies found after the 2018 General Election after this comparison was completed. If an encrypted drive is ever compromised or damaged, the Board can still recount the paper ballots.
Why does the article say Rhode Island's system was found online? This is unclear since the article does not indicate when they conducted their scans and neither the author or the researchers contacted the Board of Elections for any information. It is possible that researchers were detecting a secure network that is necessary for the maintenance of the state's electronic pollbooks, which until August 2018 shared the same ISP connection as the data communication server, but nothing else. Maintenance of e-pollbooks occurs year-round for special elections and financial town meetings.
What has the Board of Elections done to secure the state's voting system? In June 2017, the Board of Elections sought the assistance of the state Chief Cybersecurity Officer Mike Steinmetz to assist in convening state cybersecurity experts to analyze the state's voting system and identify any potential areas which could be improved from a security or best practices standpoint. Mr. Steinmetz assembled an informal working group consisting of experts from the state Department of Information Technology (DoIT); the Rhode Island National Guard Defensive Cyber Operations Element (DCO-E) , and the Rhode Island Fusion Center (an intelligence sharing collaborative between the RI State Police and several federal and state agencies); and RI Secretary of State. Over the course of 8 months, the group met regularly at the Board of Elections offices to gather information, assess the system, and determine any corrective action needed.
DoIT staff visited the Board of Elections facility several times to conduct a security assessment on both the voting system network configuration as well as physical security of the network facility. The RI National Guard's Defensive Cyber Operations Element (DCO-E) deployed staff to the Board of Elections facility to assess the network configuration for the voting system and e-pollbook systems. The DCO-E also conducted a field assessment of equipment at the polls during a special election conducted in Scituate in January 2018.
By June 2018, both DoIT and the RI National Guard's Defensive Cyber Operations Element had submitted their findings to the Board of Elections and found no major areas of concern with the current configuration or security measures implemented. Many of the recommendations involved best practices such as: how to establish sufficiently complex passwords; changing passwords each election; disconnecting the data communication server when not in use; changing IP addresses each election. All the recommendations were implemented.
In August 2018, to enhance security even further, the Board requested that Verizon initiate development of a Verizon (Zero Tunnel) Private Network. With the Verizon Private Network, neither the firewall nor the data communications server are connected to the internet. All transmissions stay on the Verizon Private Network and never connect to the public internet. Only Verizon Private Network certified devices are used in the private network architecture. Verizon Private Networks are specifically designed for high-security applications in critical infrastructure environments. This solution has been tested by federally accredited voting system test laboratories and proven in a number of recent implementations in other jurisdictions that use modems to transmit unofficial election results. Unfortunately, the Private Network was unable to be completed in time for the 2018 General Election. However, Verizon has since completed the private network and it is ready for implementation in 2020.
In late October 2018, prior to the General Election, the Board of Elections requested that DoIT conduct an audit of the firewall and data communication server portions of the voting system. These systems had been active periodically during the testing and training period prior to the November General Election and the Board wanted to ensure there had been no attempts to penetrate the system or that no anomalies existed. The audit found no unusual activity or anomalies within the logs of these devices while they were active.
Furthermore, critical security patches are regularly applied to the state's voting system, and the system is up-to-date with all security updates. These patches are only performed using a physical disk on-site by ES&S staff in coordination with state IT staff. Updated security patches were last made in January 2018 and July 2018. No security patches have been released since that time. The Board continues to monitor for the release of any new critical security updates necessary in the future.
Finally, prior to and during each election cycle, the Board works closely with DoIT to assess the configuration of the voting system to ensure all security measures on all components are fully implemented and best practices are being followed. This joint effort will continue throughout the 2020 election cycle to ensure robust security practices are being implemented effectively.
Was an IP address included in a publicly available document? In 2017 a local cybersecurity expert contacted the Board of Elections with an interest in the security of the state's voting system. The Board met with this individual and provided him with all requested information that did not involve sensitive areas of the system. The individual issued a public records request for documents related to equipment-testing for several special elections and electronic logs for the DS200 voting machines used in the 2016 General Election. With an interest in providing information to the public and complying with public records laws, the staff reviewed the request with legal counsel, and it was determined the information was public record. However, a single instance of an IP address had been included in the logs which consisted of hundreds of thousands of lines of entries. It was quickly discovered and the IP address was immediately changed. As a security measure, the IP address is changed prior to every election.
Does the Board of Elections plan to use modems for unofficial election results during the 2020 election cycle? In mid-2018, Election Systems & Software (ES&S) notified the Board of Elections that the modems currently installed in the DS200 would be obsolete by January 2020 because they utilize 3G technology, and the wireless network will only support 4G devices at that time. At a meeting on Aug. 6, the Board voted to continue the question of purchasing replacements modems until more research can be done on security of the devices and the jurisdictions in 11 other states that utilize ES&S modems for unofficial election results. ES&S indicates 33,741 modems are currently in use in these jurisdictions, and 12,169 have already upgraded to 4G Modems.
A decision on whether to deploy modems in 2020 will be made once the Board has acquired all of the information necessary to make an informed decision. Transmitting unofficial results securely on Election Night remains the fastest way of acquiring unofficial results on Election Night. The Board remains committed to continue working with our cybersecurity partners to address any security concerns before deciding to leverage this technology so that public confidence in the voting system is maintained.