Election Security
Over the past few years, election security has become even more heightened. The Allegheny County Elections Division and the Department of Information Technology (DIT) are responsible for maintaining the security and integrity of the election process. The county is committed to using all available resources to administer secure elections and frequently relies upon information from the following organizations:
- Federal Bureau of Investigation (FBI)
- Multi-State Information Sharing & Analysis Center (MS-ISAC)
- Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA)
- Private security firms
Timely and vetted information from trusted sources such as these further strengthens the county’s existing elections security and incident management practices, and to quickly and effectively defend against and thwart active threats. While specific and detailed information on security protocols are not publicly shared or available, the following provides general information regarding testing and security measures are completed by Allegheny County during each election cycle:
ElectionWare Software
System software is installed on hardened computers, which are locked down to perform only essential functions required for an election. Hardened computers will not accept an unauthorized USB flash drive, and restricts authorized users to only perform necessary actions.
ElectionWare software will save a record of all user actions to the system audit log. The system uses a unique encryption key for each election. This ensures all voting machines will only accept USB flash drives programmed for that election and prevents tampering by unauthorized agents.
USB Flash Drives
In order to make sure that no viruses or other malware can get into the election networks, there are USB flash drives dedicated solely for election purposes. USB flash drives are used only to shuttle data either from the unofficial network to the county network on Election Day, or from the unofficial network to the official network after the election night tabulation.
Each USB flash drive is used in one direction only; if another file/dataset is needed a new flash drive will be used. USB flash drives that have been used in a previous election are completely wiped and re-formatted before the next election.
Logic and Accuracy Testing
In order to ensure that all scanning, processing, and tabulation equipment is working as expected, the Elections Division conducts a full test of all equipment used on Election Day, at least several weeks before the election. Referred to as Logic and Accuracy testing, the results of the test are then submitted to ElectionWare to ensure that the number of votes is as expected.
DIT is responsible for loading the results of the test scanning, creating reports, ensuring the Elections Division verifies the results are as expected. Once equipment has satisfied Logic and Accuracy testing, DIT will clear the election results so that the system is ready for Election Day. This testing is advertised and open to public observation, although pre-registration is required.
Regional Laptop Testing
DIT performs regional VPN connection tests approximately 2 weeks prior to the election. This is to ensure that the regional laptops are working properly and able to connect to the unofficial network.
Test USB flash drives are used to submit test data to the laptops at each regional location, while additional DIT staff verify that the results were transmitted correctly. All testing is done by trained DIT staff.
Password Changes
To ensure continued security of the equipment and data in the Election Warehouse, passwords on all ElectionWare equipment are changed each election cycle. Password changes include official, unofficial, and regional laptop Windows log-in credentials and passwords. Server passwords are also changed each election cycle.
Air Gap Tests
An air gap is a network security measure employed on one or more computers to establish a secure computer network that is physically isolated from unsecured networks. This includes connections to public internet or an unsecured local area network. Allegheny County has a contract with an outside security agency to perform a network air gap analysis of the election tabulation network.
DIT coordinates the scheduling of the air gap testing with the vendor to guarantee it happens on the day before the election and two days after the election. A report is then issued detailing the tests, and documents security risk mitigation technologies and configurations. These reports provide a roadmap of how to circumvent security measures and potentially compromise the security of the election. The reports from these tests are not published publicly due to the highly sensitive nature of their content.
Post-Election Verification
DIT performs a post-election read of the backup USB flash drives from the DS200 machines. This ensures that the information that was transmitted through the unofficial network on election night matches the results read in from the backup USB flash drives.
Reports are generated from ElectionWare to confirm that vote totals per precinct/contest match the totals from the unofficial network on election night. DIT works with election personnel to address any discrepancies.
Counties also conduct a 2% statistical sample analysis and a statewide risk-limiting audit. Learn more about both efforts on the state's Post-Election Audits webpage.
Parallel Test
The Elections Division has contracted an outside auditing agency to perform an independent test of the voting equipment. The auditor randomly selects a single precinct to test all voting equipment to ensure that the voting machines are working properly.
It is the responsibility of DIT to meet with the auditor after the election to complete the testing and provide the necessary files and documentation to show that the machines worked as expected.
Physical Security Measures
All regional reporting centers are staffed on Election Day with personnel from numerous departments to ensure voting security and integrity.
To gain access to the elections tabulation room in the warehouse, one must have a key card access to or contact within the warehouse for admission.