President and CEO of Election Systems & Software
Hearing on “2020 Election Security –
Perspectives from Voting System Vendors and Experts”
The Committee on House Administration
U.S. House of Representatives
January 9, 2020
Chairperson Lofgren, Ranking Member Davis and Members of the Committee:
Thank you for the opportunity to testify on the vitally important subject of election security. My name is Tom Burt, and I am the CEO of Election Systems & Software. I am in my 12th year at ES&S and have served as the company’s Chief Executive Officer for the last five years. I’m pleased to share with you today how ES&S provides services and products for use by our nation’s elections officials, and I look forward to answering your questions. I am encouraged to see the growing attention to stronger security for elections and thank you for your support of ongoing improvement in this area. We recognize that the process of what makes elections work — including ballot design, voting, tabulating and certifying election results — is not always well understood by those who, unlike you and all of us on the panels today, live it every day. That’s why I’m so pleased you’re holding this hearing and giving us all an opportunity to share what we do and how we do it.’
ES&S headquarters are in Omaha, Nebraska, where roughly half of our 490 employees reside and work. Other ES&S employees live in or near the states in which we provide services and products for our customers. In total, we have employees living in 39 of the 50 states. Our company began as a three-person “startup” roughly 40 years ago, focusing on developing a new way to apply scanning technology to aid counties that chose to tabulate precinct paper ballots at a central election office. Our unique application of this technology helped counties substantially improve the accuracy of initial vote counts and dramatically reduce the amount of time it took for jurisdictions to report results. We began with a single customer in Douglas County, Nebraska, and have grown steadily and mostly organically over time to become a leading provider of election products.
Our four decades of experience serving state and local jurisdictions have taught us that one size most certainly does not fit all. The methods of voting that are desired, or in some cases mandated, vary greatly from state to state and often from county to county. In response to these varied methodologies, ES&S has built our business on the foundation of customer satisfaction by tailoring our services and products to the extraordinarily varied needs and desires of the approximately 10,000 jurisdictions across the United States. Our customers have placed their trust in us time and time again over the last 40 years, and we are committed to continuing to earn their loyalty every single day. As part of that effort, ES&S has maintained a dedicated focus on reinvesting in our business through steady improvements in the quality of our personnel, products and services. Our ability to tailor our offerings to the unique needs of a given jurisdiction has enabled us to service and support major cities with millions of registered voters, as well as our smallest jurisdiction in Western Nebraska with fewer than 350 registered voters.
What never varies, however, is our commitment to ensuring that every vote is counted exactly as the voter intended. That’s why I’m very proud to say that 22 unique ES&S voting system releases have earned federal approval from the Election Assistance Commission (EAC). In order to achieve a federal certification from the EAC, each voting system requires thousands of hours of testing and analysis. Additionally, our systems are evaluated against the best practices of the National Institute of Standards and Technology (NIST) security protocols and standards, as well as the Center for Internet Security’s (CIS) Critical Security Controls. Every ES&S system we field undergoes rigorous testing by independent federally accredited test laboratories. We average more than $2 million in annual spending with these independent test labs alone in support of the certification process.
In light of cyber threats to our nation’s elections ecosystem, we recognize the importance of a paper record, which is why ES&S was the first tabulation provider to ask Congress to pass legislation requiring an auditable paper record of every vote cast. This pillar of election security is so important to us at ES&S that we stopped selling voting machines that do not produce a tabulatable paper record as the primary voting device in any jurisdiction.
We took that step, and many more, because we believe there is nothing more crucial to upholding our nation’s democracy than ensuring every vote is counted as cast.
For more than a year, we have routinely met with members of Congress and their staff to discuss our products, services and commitment to election security, answering questions and providing information. To that point, last March, we drove several of our machines from Omaha to Washington, D.C., for a day-long demonstration of our products to all interested Members and staff. I led the briefing and was accompanied by our chief information security officer and several other senior company officials. This is all part of our ongoing effort to responsibly and actively engage with Members of Congress, the Department of Homeland Security (DHS) and other federal officials to improve election security.
Across the U.S., state and local jurisdictions have chosen to put in place more than 50,000 of our DS200 precinct-level paper ballot tabulation machines and more than 80,000 of our ExpressVote brand of universal voting machines. Every single one of our universal voting machines produces a paper record that can be tabulated and audited. Additionally, each of these machines enable a voter — including a voter with a disability, or a voter who is non-English speaking — to mark their ballot by touching a screen or using an assistive device, and the machine records that vote on paper. Before casting their ballot, the voter has the opportunity to review and verify their selections on that same piece of paper before it is cast as a vote. This paper record provides jurisdictions with the ability to audit every single cast vote and validate the integrity of the results for each election.
We acknowledge the growing concern among American voters regarding election integrity, and we support the increase in attention and dedicated resources coming from Congress, state and local officials, the EAC, and DHS. We embrace our partnerships with these bodies because we believe that collectively we can provide necessary and continuous improvement in election security. While the recent appropriations bill included additional funding from Congress, we believe the federal government needs to devote even more financial resources to jurisdictions that manage elections as part of the critical infrastructure in our country.
We view our role in helping to ensure election integrity with the utmost importance and are honored to do our part by providing elections officials with quality products and services for their use in conducting secure elections.
We have taken many important steps since 2016 to bolster the security of our voting solutions. We’ve organized these actions into four categories and note that while the list is long, it is only a sample of the many actions we’ve taken.
1. We have taken several internal actions to strengthen our people and processes:
- In early 2018, we put in place an executive-level chief information security officer who has actively led improvements on several fronts related to security, not just within our company but across the industry.
- We have enhanced the physical security of our company locations and have, thereby, improved the safety and security of our employees, as well as the assets we protect for our
- We have enhanced our cybersecurity posture and awareness, including regular scans of our public-facing web presence that are performed by DHS.
- Key leadership in our company has obtained national security clearances, allowing us to attend briefings regarding potential threats to the nation’s election infrastructure.
- As standard procedure, we conduct thorough and pervasive penetration testing of our hardware and software using the same modern security tools hackers utilize to make sure our equipment is secure before it ever reaches our customers.
- We adhere to the recommendations made in 2018 by DHS in their publication titled, “Incident Handling Overview for Election Officials,” which instructs election entities on how to inform DHS about cyber-related incidents.
- ES&S has a mature, tested incident response policy and process whereby our internal team of subject-matter experts triages potential cyber incidents. Should circumstances indicate the reporting of the incident to government officials, we follow DHS guidelines for alerting the appropriate agencies.
- In 2018, we launched a series of “Secure the Vote” educational training seminars with our customers that focus on cybersecurity protections and have conducted these sessions in 12 states so far.
2. We have continued to invest in product enhancements to further secure our voting system solutions:
- ES&S protects voting system data by implementing industry-leading encryption modules and locking down internal memory to prevent tampering.
- We have implemented two-factor authentication using Microsoft’s BitLocker, requiring users to have both a password and a physical device to access the features of the election management system.
- ES&S has improved the hardening of our election management systems by following the Defense Information Systems Agency Security Technical Implementation Guides (“DISASTIG”), thereby making the systems single-purposed for elections functions only.
- We have developed protections to ensure that each system we sell allows every voter the ability to review their printed vote selections before casting their ballot; a necessity for
supporting risk-limiting audits.
- Our systems employ enhanced user access controls following the Principle of Least Privilege, so that user access is restricted only to the functionality that is required.
3. We have increased our involvement and coordination with federal agencies and other vendors to improve security:
- ES&S was the first tabulation provider to travel to East Greenbush, New York, to learn how the Center for Internet Security (CIS) assists in protecting elections, and subsequently became the first tabulation provider to join the newly created Election Information and Sharing Analysis Center (EI-ISAC) as a supporting member, allowing us to obtain – in realtime – the same information received by the nation’s election officials regarding potential threats, as well as best practices.
- We are founding members of the newly created Election Special Industry Group (E-SIG), housed as part of the IT Information and Sharing Analysis Center (IT-ISAC), whose mission is to improve the safety of our voting systems. As a result, members help their companies improve their incident response through trusted collaboration, analysis and coordination. The group also helps drive decision-making by policymakers on cybersecurity, incident response and information sharing issues.
- ES&S leadership served as vice chair of the Sector Coordinating Council (SCC) during its inaugural year, dedicating countless hours to standing up the first-ever council of its kind for elections under the auspices of the nation’s Critical Infrastructure Framework.
- ES&S currently continues in its leadership role in the SCC, with our chief information security officer serving as its current chair.
- During national general elections, ES&S has a physical presence in the situational awareness room hosted by DHS in Washington, D.C., which allows us to share information in real-time.
- We have participated in both annual DHS national tabletop exercises, and also invited DHS to Omaha, where they led a led tabletop exercise for employees at our company
4. ES&S works with recognized, independent experts in testing:
- We have sought out and undergone independent third-party testing, including penetration and full security testing by the Idaho National Laboratory, performed in partnership with DHS.
- We were the first provider to work with DHS and CIS to put in place Albert sensors to monitor the platforms that we host for applicable state election offices. Albert is a unique network security monitoring solution that provides continuous remote monitoring and delivery of automated alerts regarding both traditional and advanced network threats for state and local jurisdictions, allowing election jurisdictions and ES&S to quickly respond when data may be at risk.
- ES&S’ internal staff receives, evaluates and acts upon, as necessary, vulnerability reports received from software manufacturers, cybersecurity researchers and other third parties.
- ES&S engages an independent third party to regularly test samples of the components in our voting equipment that are Programmable Logic Devices (PLDs) – we do this to validate the security of our supply chain and ensure that no back-door tampering has occurred.
While the list is long, the actions are continuous, ongoing and dynamic. For example, we are actively participating — along with academics, election officials, federal agencies and the EAC — in the creation and formation of the most recent voting system test guidelines, the VVSG 2.0. Even though these standards have yet to be formally adopted, all our products are designed, without compromise, to meet the latest and ever-evolving principles in security, accuracy and reliability.
We strive for continuous improvement in all facets of our business, and we embrace our role as a leader in our industry. As I mentioned earlier, ES&S was the first provider to publicly state it will no longer sell a primary voting system that does not provide an auditable paper record. We strongly support post-election audits and believe that a true audit requires a physical paper record that can be both tabulated and subsequently audited. We support the EAC receiving the financial and administrative support needed from Congress to bolster the federal testing and certification program by conducting additional and more rigorous penetration testing of voting systems from all vendors who endeavor to service and support elections across America. This testing must become mandatory for elections providers and must be managed at the federal level with standards and testing methods that are applied evenly and diligently to equipment from all providers. Attached to this statement is a published op-ed I wrote that supports these suggested federal mandates.
Let me also be very clear that we do not believe we are perfect or invincible. On rare occasions, mistakes are made, a machine falters, or a human error is uncovered. Our reaction to any problems that occur is swift and comprehensive. Our record makes clear that working with the relevant local officials, we immediately seek to identify the potential problem, send in a team of experts to consult with the customer, and do everything possible to remedy the issue and ensure that final election results are reported accurately.
Our dedication to the protection of American’s votes will not stop. We are working with our fellow providers, in conjunction with the IT-ISAC, to create the nation’s first Coordinated Vulnerability Disclosure Program (CVDP) for elections equipment, designed to provide for even greater independent testing of voting systems using ethical hackers.
Our focus is equally sharp toward the protection of the individual components that make up our systems. A global supply chain is an economic reality for manufacturers in today’s world. That’s why ES&S partners with contract manufacturing companies who utilize DHS supply chain security programs such as the Customs-Trade Partnership Against Terrorism (CTPAT) program and the Authorized Economic Operator (AEO) program to support supply chain security. All final hardware configuration of ES&S voting machines is performed exclusively in Omaha, and all tabulation firmware and software are not only housed domestically but are also written exclusively inside the United States of America.
Product sustainability and stringent security controls are the driving force in maintaining a strong supply chain. We choose long-life industrial-grade components to ensure we maintain parts availability for the life of our products, which typically span a minimum of 10 years and often are in use for 15 to 20 years. ES&S voting machine components are produced in ISO-9001 manufacturing facilities, and the entire voting system is managed by a secure engineering change order control process. Every unit is individually serialized for complete traceability, and we conduct frequent audits and document proof that we are producing the product to its design specifications. ES&S involvement covers the entire product lifecycle, from the initial design to end-of-life.
While elections officials most certainly recognize the importance of each and every election, they know the significance of the 2020 general election and are working tirelessly to ensure a secure and trouble-free election. Our support of these election officials is essential to their success, as many of our customers either have recently installed or will be installing new equipment in advance of the upcoming election cycle.
To that end, this past November, millions of voters cast their ballots using new voting machines, marking a first-use for tens of thousands of pieces of equipment — the largest set of
implementations since the Help America Vote Act was enacted in 2002. Last year, officials in nearly 150 jurisdictions nationwide installed new ES&S paper-based voting systems in advance of the November 2019 elections. In these jurisdictions, elections officials put in place more than 30,000 new fully accessible universal voting machines and more than 7,500 new precinct-level ballot tabulation machines.
While we are very proud of the actions we have taken to date in support of safe and secure elections, we recognize that this is a race that has no finish line. ES&S is committed to continually enhancing the security of our products for the long run. We take nothing more seriously than our role in supporting our nation’s democracy.
Thank you for your time and attention.