Cyber Security Public Working Group
Purpose
The new VVSG is a nimble set of high-level principles that will be supplemented by accompanying requirements for how systems can meet the new guidelines and obtain certification. The supplemental requirements will also detail test assertions for how the accredited test laboratories will validate that the system complies with those requirements.
The new VVSG structure is anticipated to be:
- Principles: High-level system design goals;
- Guidelines: Broad description of the functions that make up a voting system;
- Requirements: Technical details necessary for manufacturers to design devices that meet the principles and guidelines of a voting system;
- Test Assertions: Technical specifications required for laboratories to test a voting system against the requirements.
The NIST Voting System CyberSecurity Working Group is for the discussion and development of guidance for voting system cybersecurity-related issues, including various aspects of security controls and auditing capabilities. The guidance will inform the development of requirements for the Election Assistance Commission (EAC) Voluntary Voting System Guidelines (VVSG).
Objectives
- Identifying Security Objectives and Principles
Main Topic: SecurityObjectives
Identify critical high-level voting system security objectives to structure our work. Examine related requirements from the VVSG 1.1, the draft VVSG 2.0, and other general computer security guidelines to help us develop the list of objectives.
- Investigate Priority Election Use Cases (Complete)
Main Topic: UseCasesSecurity
Initial topics include:
- Electronic Pollbooks
- Ballot Delivery
- Ballot-on-Demand
- Ballot Marking
- Auditing
- Election Night Reporting
- Collect/Develop Best Practices
Main Topic: SecurityBestPractices
Provide election officials with security best practices tailored for voting systems, identifying actionable security controls and procedures that can be implemented by jurisdictions.
- Identifying and Prioritizing Risks
Collect, discuss and analyze information on risks in voting systems in order to identify and prioritize issues that should be addressed in the next VVSG.
VVSG 2.0 Draft Requirements
The following are draft requirements under development, organized by VVSG 2.0 Principles & Guidelines.
Principle 2 - High Quality Implementation
Principle 9 - Auditable
- Auditable Requirements (Clean) - Draft, March 22, 2019
- Auditable Requirements (Clean) - Draft, April 23, 2018
- Auditable Requirements (Tracked Changes) - Draft, April 23, 2018
- Auditable Requirements (Track Changes) - Draft, December 12, 2018
- Auditable Requirements - Draft, December 12, 2017
- Auditable Requirements - Draft, December 1, 2017
- Early Risk Limiting Audit Requirements - Draft, November 17, 2017
- Early Software Independence Requirements - Draft, October 20, 2017
- Early Software Independence Requirements - Draft, October 6, 2017
Principle 10 - Ballot Secrecy
- Ballot Secrecy Requirements (Clean) - Draft, March 20, 2019
- Ballot Secrecy Requirements (Clean) - Draft, April 23, 2018
- Ballot Secrecy Requirements (Tracked Changes) - Draft, April 23, 2018
- Ballot Secrecy Requirements - Draft, January 17, 2018
- Ballot Secrecy Comments - February 1, 2018
- Ballot Secrecy Requirements - Draft, January 5, 2018
Principle 11 - Access Control
- Access Control Requirements (Clean) - Draft, March 21, 2019
- Access Control Requirements (Clean) - Draft, April 23, 2018
- Access Control Requirements (Tracked Changes) - Draft, April 23, 2018
- Access Control Requirements - Draft, February 14, 2018
- Access Control Requirements - Draft, February 1, 2018
- Access Control Comments - February 1, 2018
- Access Control Requirements - Draft, January 17, 2018
Principle 12 - Physical Security
Principle 13 - Data Protection
Principle 14 - System Integrity
- System Integrity Requirements (Clean) - Draft, March 22, 2019
- System Integrity Requirements (Clean) - Draft, April 23, 2018
- System Integrity Requirements (Tracked Changes) - Draft, April 23, 2018
- System Integrity Requirements - Draft, February 14, 2018
- System Integrity Comments - February 14, 2018
- System Integrity Requirements - Draft, January 29, 2018
Principle 15 - Detection & Monitoring
Open Areas:
This is a list of open areas within the VVSG 2.0 draft requirements. The open areas are unresolved topics.
- Ballot Barcodes & Encoding Schemes
- Indirect Voter Associations
- Cryptographic End-to-End Systems
- Use of Wireless Technology (WiFi, Bluetooth, NFC, etc.)
- Internet Connectivity
VVSG 2.0 DRAFT Testing Strategies
We will develop testing guidance for the VVSG 2.0 security requirements.
Methodology document for developing testing guidance.
PA VOTING SYSTEM SECURITY STANDARD: This document is Attachment E to the Directive for electronic voting systems by Pennsylvania's Department of State. It includes test specifications for testing and analysis of Pennsylvania's voting systems.
Analysis of the 2007 VVSG DRAFT Recommendations
Copies of draft and final gap analysis documents are located here.
Auditability
Ballot Secrecy
System Event Logs
Communication Security
Physical Security
Cryptography
Setup Inspection
Software Installation
Access Control
System Integrity Management
Potential Areas for Voluntary Best Practices for Security
In no particular order:
Logistics
Meeting Information:
Cybersecurity Working Group Call
Please join my meeting from your computer, tablet or smartphone: https://global.gotomeeting.com/join/790412477
You can also dial in using your phone.
United States: +1 (571) 317-3122
Access Code: 790-412-477
The schedule for the Working Group is:
Every Friday from 2-3:30pm.
(Schedule updated 06/07/2019)
The first NIST Voting System CyberSecurity Working Group teleconference was on August 11th, 2016 from 11:00AM-12:00PM Eastern Time.
Officers
Chair
Name: David Wagner
Email: daw@cs.berkeley.edu
Affiliation: Univ. of California, Berkeley
Agency Lead
Name: Gema Howell
Email: Gema.Howell@nist.gov
Affiliation: NIST
Members
Participation in this Working Group is open to all interested parties. There are no membership fees.
Regular telecon participants include, but are not limited to:
- Gema Howell, NIST
- Jessica Bowers, EAC
- Lynn Garland
- Steven Blachman, Hart
- Aaron Wilson, CIS
- Neal McBurnett, ElectionAudits
- Lauren Massa Lochridge
- Trevor Timmons, Colorado Secretary of State’s Office
- Paul Hain, Election Systems & Software
- Susan Greenhalgh, Verified Voting
- Joel Franklin, ES&S
- John Dziurlaj, Hilton Roscoe
- John McCarthy, Verified Voting
- Marc Schneider, MITRE
- Bernie Hirsch, MicroVote
- Josh Benaloh, Microsoft
- Jared Marcotte, The Turnout
Websites
Wiki URL: http://collaborate.nist.gov/voting/bin/view/Voting/CyberSecurity
Email List
Email List Name: vvsg-cybersecurity
To join the list or find more information about list policies and related procedures, please visit the VVSG Working Group Lists page.
Meeting Archive
Notes from past meetings are available on the CybersecurityMeetingArchives page.
Relevant Documents
Reference relevant documents here.
Ballot Casting Assurance: Ben Adida & C. Andrew Neff
Public Evidence from Secret Ballots: Matthew Bernhard, Josh Benaloh, J. Alex Halderman, Ronald L. Rivest, Peter Y. A. Ryan, Philip B. Stark, Vanessa Teague, Poorvi L. Vora, & Dan S. Wallach
DEFCON Voting Machine Hacking Village Report: Matt Blaze, Jake Braun, Harri Hursti, Joseph Lorenzo Hall, Margaret MacAlpine, & Jeff Moss
In-depth Discussion on 17 Functions from February 2017 TGDC Meeting: Brian Hancock & Ryan Macias
Voluntary Voting System Guidelines (VVSG) Recommendations to the Election Assistance Commission - 2007: Prepared at the Direction of the TGDC
Evidence-Based Elections: P.B. Stark & D.A. Wagner
On the Notion of Software Independence: Ronald L. Rivest & John P. Wack
A Gentle Introduction to Risk-limiting Audits: Mark Lindeman & Philip B. Stark
Machine-Assisted Election Auditing: Joseph A. Calandrino, J. Alex Halderman, & Edward W. Felten
Risks of E-Voting: Matt Bishop & David Wagner
Election Operations Assessment - Threat Trees and Matrices: University of South Alabama / EAC
Voting: What Has Changed, What Hasn’t, & Why - Research Bibliography: CALTECH/MIT Voting Technology Project
Voluntary Voting System Guidelines (VVSG) 1.1 - 2015
Voluntary Voting System Guidelines Recommendations to the Election Assistance Commission (Informally VVSG 2.0)