Beyond the Ballot Box: Securing America's Supporting Election Technology
#RSAC

- How to secure internet-connected election services
- 160 best practices tailored for election technology
- Target audience is technology providers
- Developed with the help of election officials and technology providers

Non-Voting Election Technology Best Practices
- Exposure to more threats
- Significant impact on voter confidence
- Very few existing standards
Internet Exposure (diagram labels): Vote Capture; Vote Tabulation; Election Management System; Electronic Ballot Delivery; E-Pollbooks; Voter Registration System; Election Night Reporting

Organization and Structure
- Technology Areas
- Profile Levels: 3, 2, 1

Structure
Diagram labels: Technology Areas; Best Practices; Description; Background; Threats; Recommendations; Description; Election Technology; Application; Governance; Election Notes

Denial of Service Example
Levels shown: 1, 2, 3
- 1.1.3 Deny Communications with Known Malicious IP Addresses
- 1.3.4 Install the Latest Stable Version of Any Security-Related Updates on All Network Devices
- 1.5.1 Establish and Maintain Effective Partnerships With Your Upstream Network Service Provider
- 1.5.2 Port and Packet Size Filtering
- 1.5.7 Set Up Out-of-Band Communication for DDoS Response
- 1.5.3 Enable Firewall Logging
- 1.5.5 Configure Devices to Detect and Alarm on Traffic Anomalies
- 5.4.2 Assign Job Titles and Duties for Incident Response
- 1.5.4 Configure Perimeter Devices to Prevent Common Types of Attacks
- 1.5.6 Establish DDoS Mitigation Services With a Third-Party DDoS Mitigation Provider
- 3.2.12 Deploy Web Application Firewalls

Ransomware Example
Levels shown: 1, 2, 3
- 1.4.5 Ensure All Backups Have at Least One Offline Backup Destination
- 1.1.4 Deny Communications with Known Malicious IP Addresses
- 2.3.1 Utilize Centrally Managed Anti-Malware Software
- 1.1.6 Deploy Network-Based IDS Sensors
- 1.4.1 Ensure Regular Automated Backups
- 1.4.2 Perform Complete System Backups
- 1.4.4 Protect Backups
- 4.1.1 Maintain an Inventory of Sensitive Information
- 4.1.2 Remove Sensitive Data or Systems Not Regularly Accessed by the Organization
- 1.4.3 Verify Data on Backup Media
- 1.1.7 Deploy Network-Based Intrusion Prevention Systems
- 2.4.3 Ensure the Use of Dedicated Administrative Accounts
- 2.3.3 Enable Operating System Anti-Exploitation Features and Deploy Anti-Exploit Technologies
- 4.2.5 Segment the Network Based on Sensitivity
- 1.1.2 Scan for Unauthorized Connections across Trusted Network Boundaries
- 2.3.7 Deploy a Host-Based Intrusion Detection System
- 4.1.4 Monitor and Detect Any Unauthorized Use of Encryption
- 1.4.6 Verify Complete System Recovery

Unauthorized Data Modification Example
Levels shown: 1, 2, 3
- 1.6.7 Leverage the Advanced Encryption Standard (AES) to Encrypt Wireless Data
- 3.1.2 Use the Latest Best Practices for Identifying and Authenticating Users
- 2.2.1 Run Automated Vulnerability Scanning Tools
- 3.1.3 Use Best Practices for Securely Handling Input and Output
- 2.2.5 Deploy Automated Software Patch Management Tools
- 3.1.4 Deploy Appropriate Access Control Mechanisms
- 4.2.2 Digitally Sign Sensitive Information in Transit
- 2.4.2 Change Default Passwords
- 4.3.1 Follow Secure Configuration Guidance for Cloud Storage
- 3.1.1 Store and Communicate Data Securely
- 1.4.3 Verify Data on Backup Media
- 3.2.16 Use Standard Hardening Configuration Templates for Databases
- 2.2.2 Perform Authenticated Vulnerability Scanning
- 5.1.3 Require Multi-Factor Authentication
- 2.5.4 Use Write-Once or Formatted Media
- 1.1.9 Deploy Application Layer Filtering Proxy Server
into Sensitive Systems
- 3.2.14 Deploy Web Application Firewalls (WAFs)
- 1.4.6 Verify Complete System Recovery
- 4.2.9 Enforce Access Control to Data through Automated Tools
- 2.5.8 Use USB Write Blocker to Transfer Data

Verifying Election Technology with RABET-V
RABET-V: Rapid Architecture-Based Election Technology Verification

What is RABET-V
- RABET-V is an election technology verification process that supports rapid product changes by design
- Informed by our community of election stakeholders
- Uses a risk-based approach to verifying product revisions, where the risk estimate is based heavily on the product architecture and the provider's software development processes
- Leverages modern software development, testing, and deployment processes

RABET-V Process Flow
- RABET-V is a total of seven activities, five of which are conditional activities
- Repeated for initial review and subsequent product revisions
- The extent to which activities are used for each revision is based on the scenario and the risk associated with the product changes

RABET-V Initial Review
- Unique product Testing Rules are determined based on risk
- The Architecture Review, Process Assessment, and Security Claims Validation activities provide assertions about the system's construction which inform the Testing Rules Determination
- Testing Rules determine how to test product changes

Process Assessment
- Focuses on developer's software development lifecycle processes
- Product changes resulting from organizations with more mature processes will be considered lower risk
- More reliable process artifacts make RABET-V testing more streamlined

Architecture Review
- Results in assertions about how the system should be tested
  - System
  - Software
  - Security
  - Data
- Well-architected solutions will result in the maximum amount of assertions and shorter verification cycles

Security Claims Validation
- Looks at the claims made about the product security
- Validates claims and key architectural elements supporting the claims
- Validated claims are published at the end of each iteration

Testing Rules Determination
- Builds a set of Testing Rules to achieve the most rapid, flexible, and reliable testing of product revisions possible given the product architecture and provider's processes
- Matches test methods with change types

Product Verification and Reporting
- Test Plan created from Testing Rules
- Test Plan is more streamlined for small, low-risk change sets
- Will leverage product development artifacts when possible
- Reporting on product goals, expected usage, validated security claims, and verified product changes

RABET-V Provides
- Rapid testing of many product revisions, allowing products to innovate and maintain proper security patches
- Re-verification of product changes at a minimum cost
- Incentives for high-quality, modern system architectures that are more resistant to attacks and more resilient in recovery
- Incentives for technology providers to have robust, risk-mitigating software development processes
- Incentives to update in smaller, more manageable cycles, more accurately reflecting the modern age of software development
- A consistent basis from which approval authorities (namely states) can draw information, resulting in quicker decisions and reduced, amortized overall cost

RABET-V Pilot Program
- Launched in February 2020
- Steering Committee: Federal agencies, states election officials, vendors
- Technical Advisory Committee: industry experts
- Developing our Working Model
- Get the latest information on our project hub: https:/

Pilot Program Questions
- What are the time and cost expectations for each activity during the initial and subsequent iterations?
- What is the best way to conduct architecture reviews and are they as risk-informing as we propose?
- What is the best way to conduct process assessments and are they as risk-informing as we propose?
- What is the best approach to a long term RABET-V process?

Apply What You've Learned Today
- Next week you should:
  - Learn and adopt the security best practices for non-voting election technology
  - Begin to follow the RABET-V pilot at https:/
- In the first three months following this presentation you should:
  - Understand how to secure your election technology and begin implementing missing controls
- Within six months you should:
  - Review the RABET-V pilot program reports
  - Prepare your product for RABET-V

Thank You