{"id":31590,"date":"2018-11-13T17:38:42","date_gmt":"2018-11-13T22:38:42","guid":{"rendered":"https:\/\/digital.hbs.edu\/platform-rctom\/submission\/the-election-security-challenge-why-voting-machine-vendors-resist-open-innovation\/"},"modified":"2018-11-13T17:38:42","modified_gmt":"2018-11-13T22:38:42","slug":"the-election-security-challenge-why-voting-machine-vendors-resist-open-innovation","status":"publish","type":"hck-submission","link":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/the-election-security-challenge-why-voting-machine-vendors-resist-open-innovation\/","title":{"rendered":"The Election Security Challenge: Why Voting-Machine Vendors Resist Open Innovation"},"content":{"rendered":"

Alleged Russian interference in the 2016 U.S. elections challenged the integrity of election systems. In the aftermath, vendors of voting machine systems faced unprecedented public scrutiny. This relatively small industry, with estimated $300 million in annual sales, suddenly needed to respond to public demand for more secure products.[i]<\/a> One large voting-machine vendor, Election Systems & Software (ES&S), faced public pressure for open innovation of its products. Yet ES&S has resisted true open innovation, instead selectively expanding its partnerships to manage security risks. ES&S\u2019s more \u201ccontrolled open innovation\u201d approach reflects the constraints that private companies face when working with the government on national critical infrastructure.<\/p>\n

Public demand for ES&S to provide more transparency has resulted in unsanctioned open innovation of voting machines. In 2017, the world\u2019s largest hacker convention Defcon added a new event \u201cVoting Village\u201d that gave hackers access to voting systems, including ES&S machines.[ii]<\/a> Event organizers acquired these machines through third-party re-sellers without ES&S approval.[iii]<\/a> Voting Village organizers believe this collaborative environment will help companies like ES&S gain important insights into security vulnerabilities. As one organizer explained, \u201cThis is about education, this is about letting more people have facts and experience.”[iv]<\/a><\/p>\n

ES&S is understandably wary of this open innovation. Voting Village opens ES&S existing products to greater security risk, as potential cyber attackers could use the event to plan future attacks on voting machines. More importantly, the event is bad for ES&S business in the short-term by reducing customer confidence in the security of its products. Prior to this year\u2019s event, ES&S informed its customers that the company did not approve of Voting Village.[v]<\/a> ES&S\u2019s primary customers, state governments, share these security concerns. The National Association of Secretaries of State (NASS) recently released a statement criticizing Voting Village.[vi]<\/a><\/p>\n

Despite its reluctance, ES&S is addressing open innovation. In the short term, the voting-machine vendor has taken a \u201clearning from a distance\u201d approach. Two ES&S employees attended the 2018 Voting Village in early August to \u201clearn about any ideas for enhancements to voting security.\u201d[vii]<\/a> Several weeks later, ES&S announced the installation of new advanced threat monitoring systems and a new partnership with DHS to audit ES&S products.[viii]<\/a> These new security efforts suggest the general presence of open innovation has influenced ES&S product development.<\/p>\n

In the medium term, ES&S appears to be moving towards a \u201ccontrolled open innovation\u201d approach to product development. ES&S recently announced new partnerships with several federal government agencies and non-profit organizations, including the FBI and DHS. As ES&S President and CEO Tom Burt explains, \u201cThis multi-layer, comprehensive approach enables ES&S, together with state and local election officials and the federal government, to bring a new level of protection to U.S. elections.\u201d[ix]<\/a> The voting-machine vendor therefore appears to be controlling its open innovation with a select group of organizations.<\/p>\n

Given the annual Voting Village event will likely continue in future years, ES&S should try to collaborate with event organizers in exchange for greater event security. This collaboration would require buy-in from NASS as well to gain state government approval. As the executive director of NASS noted at the 2018 Voting Village event, \u201cAnybody could break into anything if you put it in the middle of a floor and gave them unlimited access and unlimited time.\u201d[x]<\/a> Rather than criticize the current Voting Village event, ES&S and NASS should try to control this open innovation by increasing event security and simulating more realistic election threat scenarios.<\/p>\n

ES&S also could be doing more to selectively partner with organizations that offer additional talent and resources to better innovate and secure election systems infrastructure. Proactive partnerships with for-profit cybersecurity companies like Crowdstrike could provide ES&S with endpoint security and threat intelligence from cyber experts. Collaborative \u201cwar game\u201d exercises with state election officials could help ES&S simulate potential cyber threats to improve cyber response plans for Election Day.[xi]<\/a> The voting-machine vendor should further expand its controlled open innovation to additional organizations.<\/p>\n

The general belief that \u201cmore open innovation is better\u201d does not apply to companies like ES&S. Events like Voting Village could expose voting machines to more sophisticated cyberattacks by malicious actors. Even if ES&S wanted to embrace fully open innovation, the company could face regulatory restrictions from state and federal government. ES&S therefore appears to be taking important steps towards open innovation within the constraints of its public-private partnerships.<\/p>\n

ES&S offers an example of the role open innovation should play in industries working directly with the government on national critical infrastructure. Given limited demand for new innovative products, the voting-machine industry has minimal sales growth, and thus funding, to devote to new product development. Yet where many private companies would turn to open innovation under these circumstances, ES&S cannot given the national security risk.<\/p>\n

(780 words)<\/em><\/p>\n

Sources<\/span><\/p>\n

[i]<\/a> Kim Zetter, \u201cThe Crisis of Election Security,\u201d The New York Times<\/em>, September 26, 2018, sec. Magazine, https:\/\/www.nytimes.com\/2018\/09\/26\/magazine\/election-security-crisis-midterms.html.<\/p>\n

[ii]<\/a> Lily Hay Newman, \u201cTo Fix Voting Machines, Hackers Tear Them Apart,\u201d Wired<\/em>, August 1, 2017, https:\/\/www.wired.com\/story\/voting-machine-hacks-defcon\/.<\/p>\n

[iii]<\/a> Kim Zetter, \u201cIn Advance of the @VotingVillageDC Tomorrow, ES&S Sent a Message to Customers Today with Their Comments about the Hacking Village and the Security of Their Machines. I\u2019ve Pasted Their Memo below, with Some Annotation from Me.Pic.Twitter.Com\/6eQUYuuGJA,\u201d Tweet, @KimZetter<\/em> (blog), August 9, 2018, https:\/\/twitter.com\/KimZetter\/status\/1027725965282050048.<\/p>\n

[iv]<\/a> Newman, \u201cTo Fix Voting Machines, Hackers Tear Them Apart.\u201d<\/p>\n

[v]<\/a> Robert McMillan and Dustin Volz, \u201cTensions Flare as Hackers Root Out Flaws in Voting Machines,\u201d Wall Street Journal<\/em>, August 12, 2018, sec. Tech, https:\/\/www.wsj.com\/articles\/tensions-flare-as-hackers-root-out-flaws-in-voting-machines-1534078801.<\/p>\n

[vi]<\/a> \u201cAnalysis | The Cybersecurity 202: State Officials Bristle as Researchers — and Kids — at Def Con Simulate Election Hacks,\u201d Washington Post, accessed November 12, 2018, https:\/\/www.washingtonpost.com\/news\/powerpost\/paloma\/the-cybersecurity-202\/2018\/08\/13\/the-cybersecurity-202-state-officials-bristle-as-researchers-and-kids-at-def-con-simulate-election-hacks\/5b704ff11b326b02079560ae\/.<\/p>\n

[vii]<\/a> McMillan and Volz, \u201cTensions Flare as Hackers Root Out Flaws in Voting Machines.\u201d<\/p>\n

[viii]<\/a> \u201cES&S Establishes Top-Level Partnerships and Albert Installation to Further Security | Election Systems & Software,\u201d accessed November 12, 2018, https:\/\/www.essvote.com\/blog\/127\/.<\/p>\n

[ix]<\/a> \u201cES&S Bolsters Security for 2018 Mid-Term Elections | Election Systems & Software,\u201d accessed November 12, 2018, https:\/\/www.essvote.com\/blog\/135\/.<\/p>\n

[x]<\/a> McMillan and Volz, \u201cTensions Flare as Hackers Root Out Flaws in Voting Machines.\u201d<\/p>\n

[xi]<\/a> Benjamin Wofford, \u201cThe Hacking Threat to the Midterms Is Huge. And Technology Won\u2019t Protect Us.,\u201d Vox, October 25, 2018, https:\/\/www.vox.com\/2018\/10\/25\/18001684\/2018-midterms-hacked-russia-election-security-voting.<\/p>\n","protected":false},"excerpt":{"rendered":"

Following alleged Russian interference in the 2016 U.S. elections, voting-machine vendors face increasing public pressure for more open innovation of its products to enhance security. <\/p>\n","protected":false},"author":11913,"featured_media":31591,"comment_status":"open","ping_status":"closed","template":"","categories":[4430,845,928,4902,1236,640,4209,4901],"class_list":["post-31590","hck-submission","type-hck-submission","status-publish","has-post-thumbnail","hentry","category-cybercrime","category-cybersecurity","category-elections","category-elections-security","category-federal-agencies","category-government","category-voting","category-voting-machines","hck-taxonomy-organization-election-systems-software-ess","hck-taxonomy-industry-electronics","hck-taxonomy-country-united-states"],"connected_submission_link":"https:\/\/d3.harvard.edu\/platform-rctom\/assignment\/rc-tom-challenge-2018\/","yoast_head":"\nThe Election Security Challenge: Why Voting-Machine Vendors Resist Open Innovation - Technology and Operations Management<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/the-election-security-challenge-why-voting-machine-vendors-resist-open-innovation\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Election Security Challenge: Why Voting-Machine Vendors Resist Open Innovation - Technology and Operations Management\" \/>\n<meta property=\"og:description\" content=\"Following alleged Russian interference in the 2016 U.S. elections, voting-machine vendors face increasing public pressure for more open innovation of its products to enhance security.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/the-election-security-challenge-why-voting-machine-vendors-resist-open-innovation\/\" \/>\n<meta property=\"og:site_name\" content=\"Technology and Operations Management\" \/>\n<meta property=\"og:image\" content=\"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2018\/11\/I-Voted-Image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"452\" \/>\n\t<meta property=\"og:image:height\" content=\"452\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/the-election-security-challenge-why-voting-machine-vendors-resist-open-innovation\\\/\",\"url\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/the-election-security-challenge-why-voting-machine-vendors-resist-open-innovation\\\/\",\"name\":\"The Election Security Challenge: Why Voting-Machine Vendors Resist Open Innovation - Technology and Operations Management\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/the-election-security-challenge-why-voting-machine-vendors-resist-open-innovation\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/the-election-security-challenge-why-voting-machine-vendors-resist-open-innovation\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/wp-content\\\/uploads\\\/sites\\\/4\\\/2018\\\/11\\\/I-Voted-Image.jpg\",\"datePublished\":\"2018-11-13T22:38:42+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/the-election-security-challenge-why-voting-machine-vendors-resist-open-innovation\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/the-election-security-challenge-why-voting-machine-vendors-resist-open-innovation\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/the-election-security-challenge-why-voting-machine-vendors-resist-open-innovation\\\/#primaryimage\",\"url\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/wp-content\\\/uploads\\\/sites\\\/4\\\/2018\\\/11\\\/I-Voted-Image.jpg\",\"contentUrl\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/wp-content\\\/uploads\\\/sites\\\/4\\\/2018\\\/11\\\/I-Voted-Image.jpg\",\"width\":452,\"height\":452},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/the-election-security-challenge-why-voting-machine-vendors-resist-open-innovation\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Submissions\",\"item\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"The Election Security Challenge: Why Voting-Machine Vendors Resist Open Innovation\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/#website\",\"url\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/\",\"name\":\"Technology and Operations Management\",\"description\":\"MBA Student Perspectives\",\"potentialAction\":[{\"@type\":\"性视界Action\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Election Security Challenge: Why Voting-Machine Vendors Resist Open Innovation - Technology and Operations Management","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/the-election-security-challenge-why-voting-machine-vendors-resist-open-innovation\/","og_locale":"en_US","og_type":"article","og_title":"The Election Security Challenge: Why Voting-Machine Vendors Resist Open Innovation - Technology and Operations Management","og_description":"Following alleged Russian interference in the 2016 U.S. elections, voting-machine vendors face increasing public pressure for more open innovation of its products to enhance security.","og_url":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/the-election-security-challenge-why-voting-machine-vendors-resist-open-innovation\/","og_site_name":"Technology and Operations Management","og_image":[{"width":452,"height":452,"url":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2018\/11\/I-Voted-Image.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/the-election-security-challenge-why-voting-machine-vendors-resist-open-innovation\/","url":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/the-election-security-challenge-why-voting-machine-vendors-resist-open-innovation\/","name":"The Election Security Challenge: Why Voting-Machine Vendors Resist Open Innovation - Technology and Operations Management","isPartOf":{"@id":"https:\/\/d3.harvard.edu\/platform-rctom\/#website"},"primaryImageOfPage":{"@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/the-election-security-challenge-why-voting-machine-vendors-resist-open-innovation\/#primaryimage"},"image":{"@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/the-election-security-challenge-why-voting-machine-vendors-resist-open-innovation\/#primaryimage"},"thumbnailUrl":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2018\/11\/I-Voted-Image.jpg","datePublished":"2018-11-13T22:38:42+00:00","breadcrumb":{"@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/the-election-security-challenge-why-voting-machine-vendors-resist-open-innovation\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/d3.harvard.edu\/platform-rctom\/submission\/the-election-security-challenge-why-voting-machine-vendors-resist-open-innovation\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/the-election-security-challenge-why-voting-machine-vendors-resist-open-innovation\/#primaryimage","url":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2018\/11\/I-Voted-Image.jpg","contentUrl":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2018\/11\/I-Voted-Image.jpg","width":452,"height":452},{"@type":"BreadcrumbList","@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/the-election-security-challenge-why-voting-machine-vendors-resist-open-innovation\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/d3.harvard.edu\/platform-rctom\/"},{"@type":"ListItem","position":2,"name":"Submissions","item":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/"},{"@type":"ListItem","position":3,"name":"The Election Security Challenge: Why Voting-Machine Vendors Resist Open Innovation"}]},{"@type":"WebSite","@id":"https:\/\/d3.harvard.edu\/platform-rctom\/#website","url":"https:\/\/d3.harvard.edu\/platform-rctom\/","name":"Technology and Operations Management","description":"MBA Student Perspectives","potentialAction":[{"@type":"性视界Action","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/d3.harvard.edu\/platform-rctom\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/hck-submission\/31590","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/hck-submission"}],"about":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/types\/hck-submission"}],"author":[{"embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/users\/11913"}],"replies":[{"embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/comments?post=31590"}],"version-history":[{"count":0,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/hck-submission\/31590\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/media\/31591"}],"wp:attachment":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/media?parent=31590"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/categories?post=31590"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}