Two Democratic senators are seeking information from election equipment vendors about whether they have shared details about their voting machines with Russian entities.
Sens. Amy Klobuchar, D-Minn., and Jeanne Shaheen, D-N.H., sent a letter to Election Systems & Software, Dominion Voting Systems, and Hart InterCivic on Wednesday regarding the security of their voting infrastructure.
“Foreign access to critical source code information and sensitive data continues to be an overlooked vulnerability,” the senators said. “The U.S. government and Congress have recently taken steps to address some cyber vulnerabilities, including by banning the use [of] Kaspersky Lab, a Moscow-based cybersecurity firm that has maintained a relationship with Russia’s military and intelligence sectors, from all U.S. government computers. Now, we must also ensure the security of our voting machines and associated software.”
According to a January Reuters report, multiple U.S. tech companies allowed Russian authorities access to their software, which is used by the U.S. government, to search for vulnerabilities. The firms let Russian authorities look over their source code in order to sell in Russia.
The revelations have drawn concern from U.S. officials.
Klobuchar and Shaheen said experts warned the practice could put the security of U.S. government computers at risk, particularly if hostile nations conduct the reviews of the source code.
Twenty-eight of these reviews were allegedly conducted in the last three years.
“We are deeply concerned that such reviews may have presented an opportunity for Russian intelligence agents looking to attack or hack the United States’ elections infrastructure,” they wrote. “Further, if such vulnerabilities are not quickly examined and mitigated, future elections will also remain vulnerable to attack.”
The senators asked the three companies, the largest vendors of election equipment, whether they shared source code or other sensitive information pertaining to voting machines with Russian entities. They also asked whether any software running on their products was shared, and inquired as to what steps the companies have taken to upgrade their existing technologies in the wake of Russian meddling.
“The 2018 election season is upon us,” they wrote. “Primaries have already begun and time is of the essence to ensure any security vulnerabilities are addressed before 2018 and 2020.”
U.S. intelligence agencies concluded Russia attempted to interfere with the 2016 election. The federal government also concluded Russian actors tried to hack into 21 states’ election systems.
