The integrity of U.S. elections is fundamental to our nation’s identity. Every component of the election system must be secure— from voter registration rolls, to safe ways to vote, and ultimately, reporting an accurate and trusted count.
For 60 years, MITRE has helped government organizations mitigate risk through objective insight free from commercial interest. Using our cutting-edge research and technology capabilities, we tackle the biggest challenges to solve problems for a safer world.
Now, we’re committing our resources to help the election community.
About the Lab
In MITRE’s National Election Security Laboratory (NESL), we analyze the complex network of software, hardware, and processes to improve election security and integrity. Elections have national consequences, but the work happens at the state and local levels, where each jurisdiction maintains and manages its own voter database, polling technology, tabulation, and reporting processes. Sometimes, a single component may have been tested and evaluated for security risks, only to have vulnerabilities arise when it becomes part of a larger system.
Now, in addition to all this responsibility, elections officials must also defend against cyber attacks. It’s a significant challenge.
MITRE can help. Our lab offers a comprehensive systems environment where stakeholders can test the technology that supports their election ecosystems, evaluate them for risk, and emerge with solutions.
MITRE’s National Election Security Laboratory gives state, local, and federal officials a means to maintain public trust and confidence in their election systems.
Where We Focus
To ensure a fair and accurate election, officials must focus on three key areas:
- Assessing Policies and Procedures
- Fortifying Security
- Addressing Misinformation
Our team of experts not only help officials and vendors assess vulnerabilities in each area, but also comprehensively analyze election systems.
Leveraging MITRE’s cybersecurity and analysis expertise, NESL has the capability to conduct comprehensive security testing and vulnerability analysis on the entire election ecosystem, subsets of the ecosystem, or individual components.
NESL works with partners to provide objective analysis of the security of products and related services. NESL provides election officials, vendors, the Department of Homeland Security, the U.S. Election Assistance Commission, and other key stakeholders, a trustworthy, secure, representative, reconfigurable environment in which to place their actual IT and election equipment and software to safely develop risk management options.
- Define and conduct security experiments
- Problem-solve and brainstorm together
- Identify and evaluate potential mitigations
- Determine messaging and timing as a community
- Gain an overall understanding of end-to-end system risks
NESL produces a customized report for the evaluated system that may include elements of people, processes, technologies, and organizational risks, and analyzes data (technical documentation, policies, processes) for overarching trends and guidance for best practices.
State and Local Election Officials
Test before buying or deploying
Identification of gaps/holes in election security system
Better decisions on what to buy and how to connect and operate election equipment with greater security
Insight to resolve gaps before fielding equipment
Greater peace of mind
Ability to efficiently field equipment that is consistently configured for a risk-managed environment
Replicate the particular election security ecosystem to test equipment in its natural environment
Red-teaming IT environment based on the existing and/or desired components
Emulate adversary behavior in context
Simple, straightforward and consistent expert guidance to configure systems more rapidly and more security
Configuration that’s consistent with risk management
Prevent compromises before they start
Thwart bad actors
Save time and money
|Risk analysis in a confidential setting
Election officials receive real world recommendations and options tailored to their specific environment
Recommendations and options tailored to the specific environment – real world actions that election officials can take to strengthen the security of their systems
Independent view and technical advice on what happened and how to prevent it in the future
Avoidance of prospective breaches — Greater public confidence
|Collaborate with customers (States) in an environment that mirrors their own
|Ability to optimize your product’s managed risk profile
Test products pre-launch
Identify and remediate vulnerabilities in a safe and secure place
Expert, independent advice on the security profile of your offering before going to market
All activity is confidential and constructive
|Testing performed by independent experts
|Increased confidence in brand’s security
|A go-to trusted test lab for exception requests for recertification
|Evidence-based decision-making to validate or deny de minimis claims
|Digital forensics – evidence-based expert analysis of the forensics associated with a real or perceived incident (breach, claim of unauthorized change, etc.)
|Increased public confidence and trust in the integrity of elections and government decisions and actions
|Standards and specification development
|Develop standards or specifications based on hands-on experience and real-world use cases
Work With Us
Want to see how our team of analysts, researchers, and election experts can help you ensure your next election is safe and secure? Contact us today to start a conversation.