Security
Secure. Accountable. Reliable.
Every time voters head to the polls, they want to know their votes will be accurately counted and protected. At Election Systems & Software, we take extra precautions to ensure our software, hardware and data are well-insulated from harm.
100%
Every ES&S employee completes annual security awareness training.
0/1,500,000
Our EAC-certified systems are required to complete testing with 0 errors in 1.5 million ballot positions consecutively.
We don’t just follow industry best practices; we help develop and distribute them through a partnership with the U.S. Department of Homeland Security. From internal protocols to training on every piece of equipment, we go above and beyond what’s required to keep our elections safe.
Learn about the six layers of security that protect ES&S voting systems – from physical security to encryption to verifiable audit trails.
How we secure our supply chain.
ES&S takes a comprehensive approach to protect our supply chain and deliver solutions that states, jurisdictions and voters can trust. We work with a wide range of supply chain stakeholders to maintain the most secure supply chain possible.
Watch the ES&S Supply Chain Security video
Protecting elections together.
Department of Homeland Security
We believe in strong partnerships and collaboration with DHS Critical Infrastructure Program offices, including the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Assessment and Technical Services (NCATS).
Information Sharing and Analysis Centers
An ISAC is a nonprofit organization that provides a central resource for gathering information on cyber threats to critical infrastructure and two-way sharing of information between the private and public sectors. We are a member of the Information Technology ISAC (IT-ISAC) and the Elections Infrastructure ISAC (EI-ISAC).
Albert and the Center for Internet Security
Albert is a unique voter registration network security monitoring solution that provides continuous remote monitoring through the CIS 24/7 Security Operations Center. Automated alerts allow election jurisdictions and ES&S to respond quickly when data may be at risk.
How ES&S partners with security researchers.
ES&S welcomes feedback from security researchers to help improve its security. If you believe you have discovered a vulnerability in any of our digital assets, we want to hear from you.
How we protect our systems and data.
We go to great lengths to ensure that all of our products and processes have safeguards in place to protect voter information. A mix of physical and technological controls prevents human error and threatening cyber activity.
Physical security
Our systems also use physical locks and tamper-evident seals. These provide safeguards against tampering before, during and after an election.
System hardening
System software is installed on hardened computers, which are locked down to only perform the core functions required for an election. A hardened computer will not accept an unauthorized USB flash drive and restricts authorized users to only perform necessary actions.
Secure data
We adhere to secure practices surrounding the creation, transfer and storage of important election files and data. Our systems save a record of all user actions to the system audit log. These physical, digital and access-level security practices preserve the integrity of election data.
Unique encryption
Our systems use unique encryption keys for every election. This ensures all of our voting machines will only accept USB flash drives programmed for that election and prevents tampering by unauthorized agents.
Signature validation
All data in transit is protected using cryptographic modules that meet the Federal Information Processing Standard (FIPS). This means the signatures of all files throughout the entire election process are validated each time a file is accessed.
Independent testing
Federally accredited independent labs thoroughly test all of our voting systems for integrity and transparency. These labs provide an unbiased assessment of the system’s capabilities and hold us accountable to federal regulations.
How we test our voting systems.
Our systems are tested according to guidelines set by the federal Election Assistance Commission (EAC). According to the EAC, its purpose is “to independently verify that voting systems comply with the functional capabilities, accessibility and security requirements necessary to ensure the integrity and reliability of voting system operation, as established in the Voluntary Voting System Guidelines (VVSG).” The ES&S testing protocol also involves testing by independent, accredited laboratories and employ encryption and digital signing for all data in transit using cryptographic modules that meet the Federal Information Processing Standard.
More about election security.
If you have a comment about election security or would like to report an issue, potential vulnerability or bug to us, please contact us by using the following email address: [email protected]. Your comments will be kept confidential, and a member of our security team will follow up with you.