In Indiana, we take great care to prepare for each election. The security of our election systems is of the utmost importance, and in addition, to physical and cyber security, information is a powerful defense. In partnership with counties, other states, and the federal government, we are developing new answers to security concerns and election policy. Some of the tools and precautions being taken in Indiana to ensure secure voting include:
Hosted by Ball State University, this program tests all of the election equipment used in Indiana for an added layer of safety and security. After VSTOP reviews the system to ensure its compliance with the law, their recommendation is presented to the bi-partisan Indiana Election Commission, the body responsible for certifying voting systems for use in Indiana.
The Indiana Secretary of State’s Office has partnered with Indiana University to review and improve the state’s election cybersecurity incident response plan and will help prepare election officials in all 92 Indiana counties for cybersecurity incidents related to the 2020 General Election and beyond.
The project will have three parts:
FireEye provides intrusion detection and prevention systems at the state and county level. They monitor internet traffic accessing websites and databases to prevent bad actors from accessing critical election information. This partnership not only prevents and blocks cyber threat, in the event of an incident, FireEye will provide resources to remove the threat.
An independent entity that partners with the U.S. Department of Homeland Security, this allows us access to 24/7 security information, threat notifications, and security advisories.
The Federal Government has conducted risk and vulnerability testing to secure Indiana’s electronic information such as the Statewide Voter Registration System and the state election website.
The Statewide Voter Registration System is used by the state and the counties to maintain voter registration list. We are investing in security at all levels by implementing validation requirements to ensure only authorized users can access the system.
Hoosiers utilize IndianaVoters.com to register to vote, update their voter information, find their polling location and much more. The state is investing in security at all levels by implementing validation requirements to enhance security for public online access of voter registration information on indianavoters.com, if the voter chooses to do so.
A voter verifiable paper audit trail (VVPAT) is a security measure that allows voters to independently verify their vote was correctly recorded. Further, Indiana law allows for county election boards to select the voting equipment used in their counties, as long as those systems are certified for use in Indiana. Currently, state law allows for the use of an optical scan ballot card system (OpScan) or direct record electronic system (DRE).
OpScan voting systems employ a voter verifiable paper audit trail (VVPAT) by nature of its design – using ballot card marked by the voter or a ballot marking device that is then tabulated by an optical scan component. All DRE systems must contain a VVPAT component not later than December 31, 2019. The bi-partisan Indiana Election Commission has certified a VVPAT component for use on one vendor’s voting system, and currently awaits applications from other DRE vendors. During the 2019 Municipal General Election, four counties piloted the VVPAT attachments to provide voters with a paper trail. The pilot was a success and more counties will be adding paper trails in 2020. By 2030, all counties must use a voting system – DRE and OpScan – that has a voter verifiable paper trail.
Penetration testing, also called ethical hacking, is a practice of testing a computer system, network, or web applications to find security vulnerabilities that could be exploited. The State periodically conducts penetration testing to identify potential security vulnerabilities. Once vulnerabilities have been identified steps will be taken to address identified security vulnerabilities and strengthen the security of the Indiana elections infrastructure.
Distributed denial of service attacks known as DDOS attacks are used to take down websites. To prevent this, the State has implemented a distributed denial of service content filter called Cloudflare to protect indianavoters.com.
Each year the Voting System Technical Oversight Program (VSTOP) team provides Indiana counties with best practices for the operation of election equipment and cybersecurity. Best practices are updated each year as cyber threats evolve and the election landscape changes.
A risk limiting audit or RLA is a post-election audit of ballots. A RLA requires manually reviewing a sample of ballot cards of a VVPAT component to a DRE to ensure election results are interpreted and tallied correctly.
State law establishes physical security standards for election equipment. Many county election boards adopt customized security resolutions above and beyond what is required by law.
It’s also important to know that no piece of Indiana’s voting equipment is online. The machines and tabulators are not connected to the internet. Public tests of voting systems are conducted in all counties prior to an election, and are open to the public. If you would like to attend, contact your county administrators for times and locations.
We take the security of our elections process very seriously and are working diligently to ensure that every available defense is utilized. Indiana has taken many steps to secure our elections, but let’s be clear: there will always be new recommendations, new technology, and new best practices where cybersecurity is concerned. The way we administer elections must continue to evolve, because this is a race without a finish line. We are fully committed to ensuring that we continue to move forward, using every tool at our disposal to maintain safe and secure voting for all Hoosiers.
Call 1-866-IN-1-VOTE (1-866-461-8683) or email [email protected]