According to a story in Computerworld, the Bush budget proposal seeks to increase the funding for National Institute of Standards and Technology’s core programs by 24%, from $431 million to $535 million. The increased funding in intended to help NIST in the area of information security, including their work on voting system security.
In the story, there is a brief quotation from Bruce Schneier:
Bruce Schneier, founder and CTO of Counterpane Internet Security Inc., said that while NIST does good work in areas such as in voting security, it has no enforcement capability and no way to ensure that its security developments are implemented. He said that he would like to see the federal government use its purchasing power to require companies to meet certain security standards. “We all benefit when a big player uses its purchasing power,” he said.
Schneier is right on both fronts: NIST has been doing good work, and has started out some useful research agendas on voting system security — but there is much, much more that the federal government can do to insure that the results of such research get incorporated into the marketplace. It will be interesting to hear more about how the research results of NIST on voting systems and voting system security might best be implemented in the near future, whether that will be through a beefed-up standards program, through stronger federal testing and certification, or via some other mechanism.
As I discussed at last week’s AEI-Brookings election reform event, election officials need to concentrate on threat assessment and mitigation strategies, and we need to fix the broken federal testing and certification process.