The integrity of our election process has been the focus of many in recent years.  There is little argument that ensuring the reliability of our voting process is integral to the survival of our republic.  Regardless of jurisdiction, our voting process should be secure from hacker breaches and data manipulations.  Apparently, it’s not.  A recent article in The Washington Post pointed out that outdated software in voting machines across the nation’s 10,000 election jurisdictions has created a vulnerability that can be exploited and therefore, is placing our democratic process at risk.  The article said that old operating system software will no longer be updated by the company that originally provided it, leaving our election machines, and the integrity of the entire election process, vulnerable to computer bugs and the hackers that would exploit them.  As a tax-paying American, I was flabbergasted to learn that many of these machines and their soon-to-be outdated software, were purchased post-2016 Federal election!  Really!  The article caused me to think about vulnerabilities to our voting system and possible fixes.  We might start by purchasing future machines with contract language that assures software updates throughout the machine’s lifecycle.  But, would we replace all machines across the 10,000 jurisdictions?  No.

Protecting Business Processes from the Insider Threat

I am a retired Federal executive and military officer with 37 years of experience in law enforcement, security and intelligence.  I’m currently employed by a software company that provides automated business enterprise and data management solutions for Federal customers.  Recently, I became aware through a former Federal colleague of a new cyber security technology his company is offering that may be a game-changer.  Hacking, malware and mischief can be introduced to a computer through software, firmware, and its many processors.  It’s not just the software. This technology provides a next-level security application beyond firewalls, encryption, system configuration certifications, and internal auditing.  In addition to ensuring the integrity of software generated data, it ensures a computer’s proper condition.  Our company is pairing this new technology with our automated business enterprise solution to provide an enhanced layer of data security.  Firewalls, encryption and spotty auditing are simply inadequate to protect against an increasingly complex Insider Threat.

Can the Machine be Trusted?

My colleague clarified to me that the issue is not just a question of the old software on the election machines being vulnerable as the article points out, although that is one risk.  It is instead, a broader question over the “state of the machine” on which the software resides.  Has the software been tampered with?  Are the configuration files updated and uncorrupted?  Is the processor of the machine functioning properly?  Can the machine be trusted?  He pointed out to me that manufacturers of small computers and operating system software do not include comprehensive tools to continuously monitor the “machine state”.  Without continuous feedback from each machine to election officials that the “machine state” is proper and contiguous, this may be false.  If officials want to know with mathematical certainty that each election machine, including those questioned in the article, are as they should be, tools to continuously monitor the “machine state” should be employed.  With this technology, officials would be alerted if data or a key aspect of a machine had changed—perhaps by hack, malware, anomaly or malfunction.  Of course, there are many applications for this new technology beyond voting machine integrity, including protections against the Insider Threat across industry and government.  As an American, I believe we can ill afford to get this wrong moving forward.  This technology can be applied to voting machines across the 10,000 jurisdictions, adding a new layer of integrity not previously realized.  Can we help protect your systems?

About Next Phase Solutions

Christopher R. Sharpley is the Managing Director of Federal Practice at Next Phase Solution, LLC (NPS), a woman-owned small business that offers software architecting, design and consulting, and deploys configurable content management solutions.  NPS uses discovery methods and modeling that assist managers envision a more efficient way to automate data driven business processes and obtain demanding data analytic objectives.  NPS can seamlessly integrate multiple legacy data systems into one interface, while securing all data at rest and in transit.  Our solution is 100% developed in the USA and is cloud/or on-premises friendly.  Your proof-of-concept solution can be developed to evolve with changing project requirements and customer needs, and at lower costs.  On the GSA Schedule, Next Phase Solution, LLC, is ready to assist CDOs expertly manage data driven missions into the future.  Contact us at (407) 440-1411 for a demonstration, visit our website at www.npsols.com, or email Christopher Sharpley, Managing Director of Federal Practice at Christopher.sharpley@npsols.com.

Image by John Mounsey from Pixabay