A Procurement Guide for Better Election Cybersecurity

March 22, 2019

INTRODUCTION

Election officials across the country are turning their attention to procurement decisions about what equipment or services their jurisdiction might need going forward. Whether it’s reviewing existing vendor relationships, considering new vendors for existing services, or even deciding whether to seek vendor support for something altogether new, officials face a bevy of difficult choices. The voting equipment and services jurisdictions purchase from vendors can have a substantial impact on the cybersecurity of elections, making these decisions quite consequential.
 
Vendors, of course, sell voting equipment — like optical scan systems, ballot-marking devices, and direct-recording electronic (DRE) machines — and the three largest sellers of voting machines account for more than 90 percent of this market. But vendors also provide a range of other services and equipment, including e-pollbooks, election night reporting and tabulation systems, voter registration systems, ballot preparation services, and preelection logic and accuracy testing. As David Stafford, the supervisor of elections in Escambia County, Florida, told us, “The election vendors that we rely on are an integral part of election administration — they’re critical.”
 
In the face of growing cyber threats and the sophistication of adversaries, local election officials must deploy best practices in the selection and management of election vendors. To that end, this guide provides election officials and policymakers with steps they can take to ensure better cybersecurity from private election vendors.