Earlier this month Rep Valadao (R,CA) introduced HR 6315, the Strengthening Election Cybersecurity to Uphold Respect for Elections through Independent Testing (SECURE IT) Act. The bill would amend the Help America Vote Act of 2002 by adding to the existing election system certification system a requirement to conduct third-party penetration testing of such systems. It would also establish a voluntary elections system vulnerability disclosure program. No new funding is authorized by the legislation.
HR 6315 is essentially the same as HR 7447, the Strengthening Election Cybersecurity to Uphold Respect for Elections through Independent Testing (SECURE IT) Act, that was introduced by Rep Spanberger (D,VA) in February 2024; Valadao was a cosponsor of that bill. No further action was taken on that bill in the 118th Congress.
Moving Forward
Neither Valadao nor his sole cosponsor {Rep Deluzio (D,PA)} is a member of the House Administration Committee, to which this bill was assigned for primary consideration. This means that there is not sufficient influence to see the bill considered in Committee. I suspect that there would be some level of bipartisan support for the bill were it to be considered. What is not clear is if there would be enough to see the bill considered by the full House under the suspension of the rules process.
Commentary
While the proposed §231(e) uses the term ‘penetration testing’, it does not provide a definition of that term. I would suggest using the definition of that term found in NIST SP 800-115, Technical Guide to Information Security Testing and Assessment (pg F1):
“Security testing in which evaluators mimic real-world attacks in an attempt to identify ways to circumvent the security features of an application, system, or network. Penetration testing often involves issuing real attacks on real systems and data, using the same tools and techniques used by actual attackers. Most penetration tests involve looking for combinations of vulnerabilities on a single system or multiple systems that can be used to gain more access than could be achieved through a single vulnerability.”
For more details about the provisions of the bill, including additional commentary on the definition of penetration testing, see my article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/hr-6315-introduced-election-system - subscription required.