A Democratic U.S. senator is pressing six leading voting machine companies for information on their cybersecurity efforts amid alarm over Russian interference in the 2016 U.S. presidential election.
Sen. Ron Wyden (D-Ore.), a member of the Senate Intelligence Committee, sent letters to six manufacturers of voting systems as well as two voting system test laboratories accredited by the U.S. Election Assistance Commission, asking them for information on their cybersecurity practices and any breaches that have resulted in hackers accessing their data or systems.
The requests come about a week after the Department of Homeland Security notified 21 states that their election systems were targeted by Russian actors ahead of the election. None of the systems targeted were involved in vote tallying.
“I write to seek public answers about cybersecurity threats to our election infrastructure and whether the election technology industry has taken steps to defend against hackers, including those working for foreign governments,” Wyden wrote in near identical letters to the voting tech companies on Tuesday.
“As our election systems have come under unprecedented scrutiny, public faith in the security of our electoral process at every level is more important than ever before,” Wyden wrote. “Ensuring that Americans can trust that election systems and infrastructure are secure is necessary to protecting confidence in our electoral process and democratic government.”
Wyden questioned each company on whether it employs a chief information security officer (CISO); the number of times the company has sought help from an outside cybersecurity firm to audit its product security; and whether it has implemented the National Institute of Standards and Technology’s cybersecurity recommendations for voting systems.
Wyden also wants answers on whether hackers have breached the companies’ systems to gain access to corporate or consumer data.
“If your company has suffered one or more data breaches or other cybersecurity incidents, have you reported these incidents to federal, state and local authorities? If not, why not?” Wyden asked.
Wyden sent letters to Dominion Voting, Election Systems & Software, Five Cedars Group, Hart InterCivic, MicroVote and Unisyn Voting Solutions. In addition, he also sent letters to the voting system test labs Pro V&V and SLI Compliance.
He requested responses by the end of October.
The U.S. intelligence community said in January that Russia directed cyberattacks on systems used by high-level Democratic officials in order to undermine faith in the democratic process, damage Democratic presidential nominee Hillary Clinton and aid Donald Trump’s candidacy.
Officials also said that Russia targeted state and local election systems. While none of the systems targeted were involved in vote tallying, the revelations have nonetheless raised concerns that foreign actors could target election systems in the future with the aim of affecting vote counts.