Slashdot: Investigation Finds ‘Little Oversight’ Over Crucial Supply Chain for US Election Software

Source URL: https://news.slashdot.org/story/24/09/01/233234/investigation-finds-little-oversight-over-crucial-supply-chain-for-us-election-software?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot

Summary: The article highlights significant vulnerabilities in the U.S. election technology supply chain, particularly concerning the offshoring of software development and the lack of regulatory oversight. New Hampshire’s experience with a subcontracted IT firm underscores broader issues related to security and compliance in electoral processes, emphasizing the urgent need for enhanced governance and oversight in election technology.

Detailed Description:

– The Politico report reveals troubling findings regarding the deployment of overseas subcontractors in U.S. election technology, particularly the challenges state officials face in understanding and overseeing the software components they are entrusting with voter data.
– Key points include:
  – New Hampshire’s recent experience with WSD Digital, a small IT firm, which offshored part of the work on a new voter registration database.
  – The discovery led New Hampshire officials to hire a forensic firm for a security probe, which revealed:
    – Software that was misconfigured to connect to Russian servers by accident.
    – The involvement of a Russian engineer with a criminal background overseeing open-source code.
    – Hard-coding of the Ukrainian national anthem into the database, raising concerns about potential misinformation exploitation during elections.
  – Although no evidence of wrongdoing was found, the findings highlighted serious risks where bad actors could manipulate voter rolls.
– Broadly, the article emphasizes a significant oversight gap in election technology, putting state and county offices at risk due to limited financial and technical resources.
– The thin profit margins of election technology vendors inhibit investment in security, making it difficult for states to ensure the integrity and security of the systems essential for conducting elections.
– Progress since 2016 is mentioned, including the establishment of the Cybersecurity and Infrastructure Security Agency (CISA) and improved communication between state and federal officials.
– The article notes that over 95% of U.S. voters now vote on systems leaving a paper trail, which provides an audit mechanism post-election.

Overall, this article serves as a critical reminder of the need for enhanced cybersecurity practices and governance in election processes, emphasizing that both state officials and technology vendors must prioritize security and transparency to safeguard electoral integrity. The findings are particularly relevant to professionals concerned with information security in cloud and infrastructure environments, as the manipulation of software supply chains poses a broad risk to democratic processes.