Election Infrastructure Security

The Registrar of Voters implements physical, procedural, and cybersecurity precautions aimed to prevent outside interference in the election process.

Physical

  • Decentralized systems – voting equipment is stand alone with an isolated server.
    • The server is only accessible by authorized election staff – no other staff has key access to the locked server rack.
    • The election tally room is locked at all times and only accessible through badge access by authorized election staff only – no other staff have unsupervised access to this room.
  • There is no Wi-Fi connectivity on our voting equipment.
  • Barcoded seals, tamper evident seals, cable locks, lock boxes, audit trails, logs, and other procedural safeguards are in place and enforced.
  • Paper Audit trails required – post election verification and audits are required and performed.

*Of special note:  Our voter registration database and voting equipment never share data – how you vote is never connected or associated with your voter registration.  Your voter record only reflects that you appeared to vote and cast a ballot, not how you voted.

Procedural

  • We have training on the security features of our equipment.
  • Our office conforms to the Washoe County Security Policy.
  • Audits and monitoring are performed before and after every election.
  • A Certification Board participates in and verifies pre and post-election audits.
  • Backups and emergency plans are in place for quick reaction to any failure or incidents.
  • We perform system maintenance, monitoring, and reviews to watch for anomalies or suspicious activities or behaviors.

Cyber

  • The voting system must meet or exceed federal election standards and must be certified by the state.
  • We verify the election tabulation and operating software and firmware for authenticity.
  • Washoe County maintains a well trained and certified Cyber Security team, which uses modern technologies and procedures to help to protect Washoe County’s infrastructure from common cyber threats. Washoe County staff and trusted security partners are tasked with monitoring, auditing, responding, and remediating cyber threats.

Memberships - Our membership in these organizations gives us access to resources, newsletters, information sharing, white papers, webinars, trainings, threat alerts and notifications, as well as many other resources that are tremendous asset in our efforts to identify and negate any election infrastructure threats.

  • EI-ISAC (Elections Infrastructure Information Sharing and Analysis Center)
  • MI-ISAC (Multi-State Information Sharing and Analysis Center)
  • HSIN (Homeland Security Information Network)
  • Election Administration Reports
  • Election Center
  • iGO (International Association of Government Officials)
  • NACO (Nevada Association of Counties)
  • CFOA (County Fiscal Officers Association of Nevada)

 

More information about Election Infrastructure Security:

  • Voting equipment was contracted and purchased through a reliable vendor, Dominion Voting Systems.
  • Four points of security back up – Primary and Secondary USB thumb drive, internal memory and VVPAT (Voter Verified Paper Audit Trail).  USB thumb drives are encrypted memory devices for enhanced security.   Votes are never stored unencrypted and are secure from tampering.
  • Access to results storage area is through a secured door with a security seal.
  • System requires authentication through smart cards which require PIN to unlock the encrypted data on the card.  Three levels of users: 
    • Technician (configures the device and loads election files)
    • Poll Worker (used to open poll and export logs-cannot load election files)
    • and Voter (used only for voting session activation)
  • ICX Primes keep log of all activity on the device.
  • ICX Prime voting tablets are standalone.  They are not connected to each other, any networks, or Wi-Fi.
  • ICX Prime does not allow any external hardware to be connected to the tablet during official elections other than what is authorized by election officials during the pre- election Logic & Accuracy testing.
  • System does not allow any external information or link and does not allow any other information other than what is authorized by election officials (which is preprogrammed).
  • Security controls include access through controlled mechanisms using security credentials and authentication of authorized users.
  • Data integrity and confidentiality of security mechanisms that use NIST approved algorithms for software based encryption and decryption of data.
  • Electronic Poll Books contain voter data and are simply a means of checking in voters at a polling location.  It does not retain how you voted because it is not connected to the ICX Prime in any way.
  • Voter Verified Paper Audit Trail (VVPAT) is still part of the process for our post-election audit.  Voters will still have the ability to review their ballot in hard copy form before casting their ballot to ensure accuracy.