"Voting Machines Must Be Test Hacked for Certification, Under Proposed Bill"

Lawmakers recently introduced bipartisan legislation to strengthen the cybersecurity of US election infrastructure and boost voter confidence by requiring penetration testing as part of voting machine certification. Senators. Mark Warner and Susan Collins introduced the "Strengthening Election Cybersecurity to Uphold Respect for Elections through Independent Testing" (SECURE IT) Act, which requires the Election Assistance Commission (EAC) to mandate that systems seeking certification undergo penetration testing, allowing researchers to search for vulnerabilities and simulate cyberattacks. Warner noted that the SECURE IT Act would enable researchers to assume the role of cybercriminals in order to identify vulnerabilities and flaws that might not otherwise be discovered. Under the SECURE IT Act, EAC and the National Institute of Standards and Technology (NIST) would accredit entities to conduct penetration testing. EAC must also establish a voluntary Coordinated Vulnerability Disclosure Program for election systems, in which researchers gain access to voting systems to identify and disclose vulnerabilities to the manufacturer and EAC. Discovered vulnerabilities will be submitted to the Common Vulnerabilities and Exposures database after 180 days. This article continues to discuss the SECURE IT Act.

NextGov reports "Voting Machines Must Be Test Hacked for Certification, Under Proposed Bill"