Significant concerns have been raised about the security of the 2020 United States election. Hundreds of millions of dollars in Federal funding have been made available to state and local governments to improve the security of election systems and remediate vulnerabilities within critical organizations. Congressional hearings have highlighted risks to electronic voting systems and the vendors who manufacture them. Government task forces have been created to address the challenge.
After Congressional testimony was received in January 2020 from Voting System Vendors and experts, BitSight began tracking the security performance of a number of Voting System Vendors who together represent a large percentage of the U.S. election infrastructure market. Voting System Vendors are companies that produce electronic voting machines, equipment, software, and services for use in U.S. elections. BitSight continuously collects over 200 billion security events on a daily basis from around the global internet in an automated, non-intrusive fashion, and leverages this data to track the security performance of organizations around the world.
Since January 2020, BitSight has observed steady improvement in security hygiene among critical Voting System Vendors, suggesting that these organizations have made changes to their security programs that have resulted in improvements.
Back in January 2020, the median BitSight security rating of Voting System Vendors was 695. (The BitSight rating scale is from 250-900, with lower scores correlated with higher breach probability.) BitSight observed a number of critical security issues. For example:
Since we first made these observations in January, BitSight has observed improvements in the Voting System Vendors’ security posture. From January 1, 2020 until August 28, 2020, BitSight has observed that Voting System Vendors’ median BitSight security ratings have improved from an average rating of 695 to an average rating of 745, a 50 point improvement over the timeframe. Because BitSight ratings are the only security rating independently correlated with breach, this measurable improvement means that the group significantly reduced its breach probability during the critical run-up period to the election.
Among the security improvements that BitSight has observed:
Generally speaking, the number of observations and findings that BitSight makes about exposed or vulnerable systems for these organizations has decreased over the last year. For example, BitSight observes ports that are exposed to the Internet, known as “open ports.” While certain ports must be open to support normal business functions and few companies will actually have no ports open, the fewer ports that are exposed to the Internet, the fewer openings there are for attack. BitSight identifies particularly risky exposures by categorizing them as “WARN” or “BAD.” There were no more WARN or BAD observations registered after April 2020.
For another example, BitSight evaluates the strength and effectiveness of the cryptographic keys within TLS and SSL certificates, which are used to encrypt internet traffic. Certificates are responsible for verifying the authenticity of company servers to associates, clients, and guests, and also serve as the basis for establishing cryptographic trust. In reviewing the Vendors’ certificates, BitSight also discovered that “BAD” certificates were nearly eliminated.