Synack and the State of Colorado are proud to announce a new partnership to help protect Colorado’s election systems as part of Synack’s Secure the Election campaign before the 2020 presidential election. 

The protection of American elections is front and center for officials nationwide, especially as states have to alter plans for voting to respond to challenges brought about by the pandemic. There’s no doubt that the rigor of election security methods deployed ahead of the vote may have a profound impact on the sanctity of the 2020 election and longer term implications for U.S. democracy.

“Anything that compromises public trust is a threat to the election. Our goal is to make sure the system maintains integrity. Rigorous testing can also act as a deterrent to our adversaries.”  – Dr. Mark Kuhr, Synack Co-Founder and CTO

In a report released earlier this year, The Cyberspace Solarium Commission stated: “The American people still do not have assurance that our election systems are secure from foreign manipulation. If we don’t get election security right, deterrence will fail and future generations will look back with longing and regret.”

As the Cyberspace Solarium Commission emphasized, the importance of upholding U.S. democracy largely falls to the states, which are providing bottom up support and doing their best to uphold our democracy. The strategy that the country is taking is a multipronged and multistakeholder approach. Among the most important pillars of that strategy is “securing critical networks in collaboration with the private sector to promote national resilience and increase the security of the cyber ecosystem,” according to the Cyber Solarium Commission. 

The Colorado Secretary of State is doing just that when it comes to securing elections. As the first state to pilot and then require statewide risk-limiting audits in the country, the first state to publicly support vulnerability disclosure and crowdsourced penetration testing on election systems, and one of the states to actively engage at DEF CON, we can safely say Colorado is paving the way toward increased voter confidence.

In the words of Colorado’s CIO for the Secretary of State, Trevor Timmons, “We have seen numerous examples coming out of the 2016 election and beyond of bad actors that may use any means available to interfere with our democratic process. The threats to our election systems are real. We need to use all our resources to ensure our elections are secure, fair, and that every American’s vote counts.”

Colorado is part of a larger movement toward methods of crowdsourced security testing such as vulnerability disclosure (“see something, say something”) and crowdsourced penetration testing to secure elections. This past fall, the Information Sharing and Analysis Center (IT-ISAC) released an RFI asking for comments on how election vendors could develop CVD and Bug Bounty programs. The market leader in voting machines, Election Systems & Software (ES&S) has been on the cutting edge of this issue. Synack is speaking at Black Hat this year with ES&S on the topic in a talk called “Building a Vulnerability Disclosure Program that Works for Election Vendors and Hackers.” The presentation will likely garner significant attention as it’s a clear deterrent to our adversaries and a signal that crowdsourced methods are gaining acceptance when it comes to election security. 

Synack will be conducting our testing pro bono and hopes that all 50 states will accept our pro bono offer for continuous security testing before the 2020 presidential election. The Secure the Election Program was launched in 2016 in response to nation state adversaries trying to hack our elections. Synack has committed up to $1 million for its Secure the Election Initiative. Staying one step ahead of the adversary is critical amid ongoing threats to our democracy. Synack’s Secure the Election effort takes a hacker’s approach to searching for vulnerabilities in remotely accessible voter registration databases and online voter registration websites.

Posted by Charlie