EAC Voting System Risk Assessment

The EAC released the following solicitation:

The Government intends to procure contractor services for a scientifically founded voting system risk assessment to facilitate making informed decisions relative to voting system standards for the US Election Assistance Commission.

As the solicitation states:

In August 2007, the TGDC delivered a set of recommendations for the next version of the Voluntary Voting System Guidelines (VVSG) to the EAC. These recommendations considerably expand the number of security requirements for voting systems. They also introduce several new concepts to be applied in system design and testing. The EAC must decide how to utilize these recommendations as they create the next iteration of the EAC voting system standards. This requires answering the question of how to specify a sufficient level of security protection without requiring disproportionate tradeoffs against other desirable attributes such as ease of use, efficiency of operation, and reasonable cost. At present there is no federal analysis of the security threats to voting systems and the potential resulting harms. Thus there is an insufficient basis for determining what constitutes an acceptable level of risk. Without such a benchmark, it is impossible to make an informed and valid decision on what constitutes a sufficient level of security protection.

To gather input for its deliberations, EAC convened a roundtable of computer scientists to discuss voting system security. The group concluded that no definitive risk assessment model for voting systems currently exists, but one is needed to provide a framework for specifying security requirements. This is consistent with federal information security policy as well as IT industry security practice.

The EAC requires a scientifically founded voting systems risk assessment to facilitate making informed decisions relative to voting system standards. This assessment must encompass the complete range of voting system technologies – paper ballots, optical scan, DREs, web-based, etc. Two products will result from this effort. The first is a recommendation of an appropriate level of assurance for voting systems based on the analysis of threats and risks. The second is documentation of the methodology and models developed so the EAC and other stakeholders can utilize these tools independently without the assistance of specialized experts. These products will assist the EAC and the election community in fostering a broadly-based consensus on a prudent and acceptable degree of risk for voting systems by evaluating trade-offs, running sensitivity analyses, and performing cost-benefit analyses of proposed voting system security requirements.