Last month, Rep Spanberger (D,VA) introduced HR 7447, the Strengthening Election Cybersecurity to Uphold Respect for Elections through Independent Testing (SECURE IT) Act. The bill would amend the Help America Vote Act of 2002 by adding to the existing election system certification system a requirement to conduct third-party penetration testing of such systems. It would also establish a voluntary vulnerability disclosure program. No new funding is authorized by the legislation.
Moving Forward
Neither Spanberger nor her two cosponsors {Rep Deluzio (D,PA) and Rep Valadao (R,CA)} are members of the House Administration Committee to which this bill was assigned for primary consideration, nor the House Science, Space, and Technology Committee to which the bill was assigned for secondary consideration. This means that there is practically no chance that the bill will be considered by either committee. I see nothing in the bill that would engender any organized opposition. I suspect that it would receive some level of bipartisan support were it considered.
Commentary
While the term ‘penetration testing’ is used in the legislation, it is never defined. I would suggest using the definition of that term found in NIST 800-95 (pg C-3):
“A method of testing where testers target individual binary components or the application as a whole to determine whether intra or intercomponent vulnerabilities can be exploited to compromise the application, its data, or its environment resources.”
For more details about the provisions of this legislation, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-7447-introduced - subscription required.