Skip Navigation
Policy Solution

A Procurement Guide for Better Election Cybersecurity

Summary: In the face of growing cyber threats and the sophistication of adversaries, local election officials must deploy best practices in the selection and management of election vendors. To that end, this guide provides election officials and policymakers with steps they can take to ensure better cybersecurity from private election vendors.

  • Christopher Deluzio
Published: March 22, 2019

INTRO­DUC­TION

Elec­tion offi­cials across the coun­try are turn­ing their atten­tion to procure­ment decisions about what equip­ment or services their juris­dic­tion might need going forward. Whether it’s review­ing exist­ing vendor rela­tion­ships, consid­er­ing new vendors for exist­ing services, or even decid­ing whether to seek vendor support for some­thing alto­gether new, offi­cials face a bevy of diffi­cult choices. The voting equip­ment and services juris­dic­tions purchase from vendors can have a substan­tial impact on the cyber­se­cur­ity of elec­tions, making these decisions quite consequen­tial.
 
Vendors, of course, sell voting equip­ment — like optical scan systems, ballot-mark­ing devices, and direct-record­ing elec­tronic (DRE) machines — and the three largest sellers of voting machines account for more than 90 percent of this market. But vendors also provide a range of other services and equip­ment, includ­ing e-poll­books, elec­tion night report­ing and tabu­la­tion systems, voter regis­tra­tion systems, ballot prepar­a­tion services, and preelec­tion logic and accur­acy test­ing. As David Stafford, the super­visor of elec­tions in Escam­bia County, Flor­ida, told us, “The elec­tion vendors that we rely on are an integ­ral part of elec­tion admin­is­tra­tion — they’re crit­ical.”
 
In the face of grow­ing cyber threats and the soph­ist­ic­a­tion of adversar­ies, local elec­tion offi­cials must deploy best prac­tices in the selec­tion and manage­ment of elec­tion vendors. To that end, this guide provides elec­tion offi­cials and poli­cy­makers with steps they can take to ensure better cyber­se­cur­ity from private elec­tion vendors.