Sign up for our Health IT Newsletter
"*" indicates required fields
A local Board of Supervisors voted unanimously in January 2021 to authorize the Forensic Audit of ballot tabulation equipment; the culmination of a year-long effort to ensure the accuracy of the voting hardware and software used in the local division elections.
SLI Compliance’s team performed analysis of the election equipment’s software and hardware hacking vulnerability, verified that no malicious software was installed, and tested tabulators to ensure there was no information being sent or received via internet.
The election equipment and software passed all tests performed by the SLI Compliance VSTL team.
The forensic audit was conducted on the division’s voting system and included an examination of the following items:
This effort included verification of the following items:
SLI Compliance conducted the forensic audit in a way that maximized efficiencies in examining the election artifacts.
The process included creation of disk images that allowed the examiners to audit and analyze the systems without the risk of changing the original system environments. Once the system media was imaged the examiners were able to mount and use forensic tools to inspect the systems for indicators of internet connectivity, as well as indicators of malicious or unauthorized software present on the systems.
County and Manufacturer mandates require that devices used for elections must be isolated from all non-election-related equipment and connections. To accommodate these requirements, SLI Compliance provided technological capability to block any data alterations to election-related media or resources. They achieved this by using specialized technology designed to prevent changes to the election media throughout the forensic investigation. The Hardware and software tools employed hardware-level, read-only, write-blocking features to eliminate the risk of unintentional changes to election-related media during the audit process. Additionally, the tool came equipped with several write-protected ports, facilitating the secure connection of various types of storage media in a read-only, write-protected fashion.
The tool provided read-only, write blocking technology at a hardware layer, preventing inadvertent modification of election media during the audit. The tool also provided multiple write protected ports that allowed for a wide variety of storage media to be connected in a read only write protected manner.
Examination for Item #1, verification of hashes, included usage of:
Examination for Item #2, checking for malicious software, included usage of:
Examination for Item #3, internet connectivity check, included usage of
Examination for Item #4
SLI Compliance completed the audit of the local election division’s voting system components.
SLI Compliance maintained the integrity of the audited system components by performing a an image of all systems examined by SLI Compliance, except for the two EMS servers. that were live systems. Unused media from original packaging was used to remove or extract data from the live systems. In all instances, when removing or examining system storage media, proof of write back protection was demonstrated to protect the election infrastructure’s air-gapped environment.
Physical examination of the election infrastructure indicated that the physical setup of the systems was arranged so that all network connectivity was clearly marked and delineated. This means that, at any time, observers could examine and determine that the election systems were connected only to authorized networking. Separate cable runs were positioned to clearly identify all network cabling to and from election devices, and cables were color coded for easy identification. In addition, the entire election area was fully covered by cameras that may be used for observing the election process and maintaining a historic record of events on the election processing floor.
While the systems examined showed no malicious or networking related USB devices being
connected, the systems examined didn’t provide a physical or a digital method of preventing unauthorized USB devices to the systems. In this case, policy drives control of USB connectivity.
For the four items being examined,
What we did
I want to thank you again for SLI's independent assessment of Broomfield's election procedures and subsequent development of updated election procedures. SLI's work assisted the City Council greatly in understanding the strengths and weaknesses of existing systems and helped restore confidence in these systems for future elections.
It is with sincere gratitude and appreciation that we unconditionally recommend SLI. Our effort to obtain Meaningful Use Stage 2 Certification for our community health software platform required significant interpretation of the federal guidelines that SLI provided in plain English, on an as needed, and always timely basis. The staff is outstanding and their attitude is nothing less than grace under pressure. To keep it all together, with client after client struggling to interpret often vague federal guidelines, is laudable. The bottom line is that we had a choice, and we went with a recommendation for SLI based on a couple interviews with folks that preceded us, and it turned out to be the best possible decision.
I sought SLI’s assistance in providing information to me on testing practices for the Uniform Voting System (UVS) that the State of Colorado is seeking. I also worked with them as they developed a report for the Colorado Voter Access and Modernized Elections Commission on an assessment of voting system technology in Colorado. The results provided by SLI were valuable and helped the state make key decisions regarding Colorado's UVS strategy. As our project moves forward, we expect to call upon SLI to test one or more proposed systems to meet Colorado Voting System Certification Standards.
The SLI team, in my opinion, was outstanding. I truly appreciated this process and all the guidance they provided. Not only did this team well represent themselves and the expertise they possess, but also well represented the SLI organization. I would highly recommend SLI to anyone...
We are so gratified that our cumulative efforts have yielded the much-needed results. I must hasten to add that the work of the entire SLI team has lent so much credibility to this entire electoral process. For this alone, you have the gratitude of not just this member of the Technical Evaluation Committee, but more likely that of an entire nation.
"*" indicates required fields
"*" indicates required fields