FAQ about transmission of unofficial election results.
In some jurisdictions across the country, cellular modems are used to transmit unofficial results from polling places to election headquarters. The decision to use a modem to transmit unofficial results is made by each jurisdiction. These early, unofficial results help the news media report results quickly on election night. Final official results are physically uploaded at election headquarters prior to the final certification of elections.
Below are the most frequently asked questions about modeming and election firewall security.
- Are Election Management Systems (EMS) connected to the internet?
EMS programs run on hardened computer workstations, which are not permitted to be connected to the internet. Election Reporting Manager (ERM) and Electionware, as part of the EMS, are never exposed to the internet. Only the Data Communications (SFTP) server, which sits behind the firewall in what’s known as the DMZ, has any connection to the internet. Results reports and data exported from ERM/Electionware are copied to removable media when transferred outside of the secure EMS for external results reporting.
- How does ES&S protect election management systems that receive unofficial results by modem?
ES&S uses industry best practices to protect the Data Communications server (sometimes referred to as the Results Management System, or RMS) and EMS network segments. This is done through network segmentation, stateful packet inspection, and restricting access to only the ports and protocols required for secure election night results transmission.

Firewalls, built on industry-leading network security equipment, are configured so that the only inbound connections permitted on the DMZ network segment are those required for results transmission. No other inbound or outbound connections are allowed by the firewall configuration script, which is tested by Voting System Testing Labs (VSTLs) and certified by states. Furthermore, the firewall hardware, firmware and configuration script are themselves VSTL-tested and state-certified.

On the internal network, only the EMS can initiate a data transfer connection to the Data Communications server. This is accomplished via a specific network port on a specific IP address per the certified configuration of the firewall. Per the firewall rules and certified configuration, direct connectivity from the outside (Internet) to the inside EMS network does not exist.
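The segmentation described in the two answers above (an SFTP server in a DMZ reachable from outside, an EMS segment that can only initiate connections toward that server, and a default-deny firewall with stateful tracking) can be modelled as a small policy evaluator. The following is an added illustration, not ES&S's firewall configuration or any certified script: the zone addresses, the host address of the Data Communications server, and the use of TCP port 22 for SFTP are all assumptions chosen for the example. It also includes an audit helper of the kind a reviewer would run against a proposed rule set to confirm that no rule creates an Internet-to-EMS path.

```python
"""Toy model of a segmented election-night results firewall.

Constructed example, not ES&S's configuration. Zone ranges, the Data
Communications server address and the SFTP port are assumptions.
Policy being modelled:
  * internet -> DMZ: only the results-transmission service is reachable
  * EMS -> DMZ: only the EMS may initiate, to one host on one port
  * no other inbound or outbound connections; no internet -> EMS path
  * stateful: packets belonging to an accepted connection are passed
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Assumed addressing (documentation ranges used as placeholders).
ZONES = {
    "dmz": ip_network("192.0.2.0/24"),    # Data Communications (SFTP) server
    "ems": ip_network("10.10.10.0/24"),   # hardened EMS workstations
}
DATA_COMMS_SERVER = "192.0.2.10"          # assumed DMZ host address
SFTP_PORT = 22                            # assumed results-transmission port


def zone_of(addr):
    """Map an address to a zone; anything outside the known ranges is 'internet'."""
    a = ip_address(addr)
    for name, net in ZONES.items():
        if a in net:
            return name
    return "internet"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dst_ip: str        # exact host address, or "any" (flagged by the audit)
    dst_port: int
    proto: str = "tcp"


# Rules permitted to *initiate* a connection; everything else is dropped.
CERTIFIED_RULES = (
    Rule("internet", "dmz", DATA_COMMS_SERVER, SFTP_PORT),  # modem uploads
    Rule("ems", "dmz", DATA_COMMS_SERVER, SFTP_PORT),       # EMS retrieves results
)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dst_port: int
    src_port: int
    proto: str = "tcp"
    syn: bool = True   # True: attempts to open a new connection


class StatefulFirewall:
    def __init__(self, rules):
        self.rules = tuple(rules)
        self.conntrack = set()  # 5-tuples of connections already accepted

    @staticmethod
    def _key(p):
        return (p.proto, p.src, p.src_port, p.dst, p.dst_port)

    @staticmethod
    def _reply_key(p):
        return (p.proto, p.dst, p.dst_port, p.src, p.src_port)

    def evaluate(self, p):
        # Stateful inspection: traffic of an accepted connection passes in both directions.
        if self._key(p) in self.conntrack or self._reply_key(p) in self.conntrack:
            return "ALLOW"
        if not p.syn:
            return "DROP"  # mid-stream packet with no tracked connection
        src_zone, dst_zone = zone_of(p.src), zone_of(p.dst)
        for r in self.rules:
            if (r.src_zone == src_zone and r.dst_zone == dst_zone
                    and r.proto == p.proto and r.dst_port == p.dst_port
                    and r.dst_ip in ("any", p.dst)):
                self.conntrack.add(self._key(p))
                return "ALLOW"
        return "DROP"  # default deny


def audit_isolation(rules):
    """Return the policy violations a reviewer would flag in a proposed rule set."""
    problems = []
    for r in rules:
        if r.src_zone == "internet" and r.dst_zone == "ems":
            problems.append(f"direct internet->EMS path: {r}")
        if r.src_zone == "dmz" and r.dst_zone == "ems":
            problems.append(f"DMZ may initiate into EMS: {r}")
        if r.dst_zone == "internet":
            problems.append(f"outbound connection to internet permitted: {r}")
        if r.dst_ip == "any":
            problems.append(f"rule not pinned to a single host: {r}")
    return problems


def demo():
    """Run constructed flows through the certified policy and report each verdict."""
    fw = StatefulFirewall(CERTIFIED_RULES)
    return {
        "modem_upload":    fw.evaluate(Packet("198.51.100.7", "192.0.2.10", 22, 40001)),
        "web_to_dmz":      fw.evaluate(Packet("198.51.100.7", "192.0.2.10", 80, 40002)),
        "internet_to_ems": fw.evaluate(Packet("198.51.100.7", "10.10.10.5", 22, 40003)),
        "ems_pull":        fw.evaluate(Packet("10.10.10.5", "192.0.2.10", 22, 50001)),
        "dmz_to_ems":      fw.evaluate(Packet("192.0.2.10", "10.10.10.5", 445, 50002)),
        "dmz_outbound":    fw.evaluate(Packet("192.0.2.10", "203.0.113.9", 443, 50003)),
        # reply traffic of the accepted EMS pull, travelling DMZ -> EMS
        "ems_pull_reply":  fw.evaluate(Packet("192.0.2.10", "10.10.10.5", 50001, 22, syn=False)),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16} {verdict}")
    print("audit:", audit_isolation(CERTIFIED_RULES) or "no violations")
```

The point the model makes explicit is that the DMZ-to-EMS direction is reachable only as reply traffic of a connection the EMS itself opened; a packet from the Data Communications server trying to open a new connection into the EMS segment, or out to the Internet, is dropped by the default-deny rule. The audit function is the kind of check worth re-running whenever an approved change order touches the rule set.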
- Who maintains the firewall located at a jurisdiction’s election headquarters?
ES&S performs the initial firewall installation for the majority of our customers who use modem transmission to ensure the firewalls are configured to the certified configuration. Once implemented, the ongoing EMS network administrative responsibility shifts from ES&S to the jurisdiction. By secure design, no remote management access is enabled on the firewall. All management duties must be performed while physically on-site at the firewall location and locally connected to the firewall. Due to the State certified configuration, changes and updates to the firewall are prohibited outside of a state-approved Engineering Change Order (ECO) or new certified ES&S Voting System release. When changes to the firewall are approved by the State, ES&S works with jurisdictions to install the approved changes and confirm the certified functionality of the overall EMS.
- Can a hacker break through a firewall left up and running?
Highly unlikely. One good analogy might be this: a homeowner who invests in all the latest locks and alarm systems but forgets to stop delivery of the newspaper when he’s out of town. Burglars can’t get into the house, but they might try because they can see a potential target. Also, remember that these are unofficial results. The physical ballots and printed results tapes are protected at all times.
- What can jurisdictions do to further increase the security of unofficial modem transmissions?
ES&S strongly recommends that jurisdictions follow the Principle of Least Privilege and only power on and connect the firewall to external telecommunication networks when being tested or when in actual use.
- Does ES&S have plans to make modeming of unofficial election night results even more secure?
Our most recently certified configuration for jurisdictions that wish to send unofficial results on election night incorporates Verizon (Zero Tunnel) Private Network. With Verizon Private Network, neither the firewall nor the Data Communications server in the DMZ is connected to the internet. All transmissions stay on the Verizon Private Network and never connect to the public internet. Only Verizon Private Network certified devices are used in the private network architecture. Verizon Private Networks are specifically designed for high-security applications in critical infrastructure environments. By design, public access does not exist with this architecture, resolving any concerns that your voting system is exposed to outside access. This solution has been tested by federally accredited voting system test laboratories and proven in a number of recent implementations. The Verizon Private Network is available now through Verizon. ES&S is currently working to obtain state certification approval for all of our modeming and regional reporting customers.