Supply chain risk management (SCRM) is a systematic process for managing supply chain risk by identifying susceptibilities, vulnerabilities, and threats throughout the supply chain and developing mitigation strategies to combat those threats, whether presented by the supplier, the supplied product and its subcomponents, or the supply chain itself (e.g., initial production, packaging, handling, storage, transport, mission operation, and disposal).

As defined by NIST

For voting systems, this means examining the programmers and other staff, the networks the systems connect to, political bias, foreign involvement in the vendors and their suppliers, and so on. When these systems are examined, they show far too many connections to foreign countries: the hardware and software that record and tally a vote have likely passed through several countries before reaching a polling place, and each of those stages is an opportunity for manipulation.

Report: Supply chain risk management key to election security

By Teresa Nowakowski on 

Election cybersecurity could be compromised in the supply chain for voting systems, warns a report published this week by a nonprofit global policy think tank.

The report, published Tuesday by RAND Corporation, advises the use of supply chain risk management that examines players in every step from the design of voting machines to their return after voting in order to secure elections.

In order to protect election confidentiality, integrity and availability, the report authors recommend that election agencies institute a trusted supplier program with a system of certification similar to the Department of Defense’s current contractor compliance requirements. They also suggest election officials analyze the impact of supply chain actors with risk assessment tools, citing one currently in development at the National Institute of Standards and Technology.

The ability of a foreign power to exploit the vulnerabilities of a vendor in a single county in Pennsylvania could have extraordinary repercussions.

Executive Summary

More than 80 percent of voting systems in use today are under the purview of three vendors. A successful cyberattack against any of these companies could have devastating consequences for elections in vast swaths of the country. Other systems that are essential for free and fair elections, such as voter registration databases and electronic pollbooks, are also supplied and serviced by private companies. Yet these vendors, unlike those in other sectors that the federal government has designated as critical infrastructure, receive little or no federal review.


Vendors Present Points of Attack into Election Infrastructure

Private vendors’ central role in American elections makes them prime targets for adversaries. Yet it is impossible to assess the precise level of risk associated with vendors, or how that risk affects election security. As a 2018 U.S. Senate Intelligence Committee report observed, “State, local, territorial, tribal, and federal government authorities have very little insight into the cyber security practices of [election] vendors.”

This limited visibility into vendors includes:

  • vendor cybersecurity practices (how vendors protect their own information technology infrastructure and data);
  • foreign ownership of vendors (whether foreign nationals, or agents of foreign governments, own companies performing critical election functions);
  • personnel policies and procedures (whether background checks and other procedures are in place to safeguard against inside attacks);
  • cybersecurity incident response (how vendors alert relevant authorities of attacks); and
  • supply chains (where parts, software patches, and installations come from; how they are transported; and how they are kept secure).

Source: https://www.brennancenter.org/our-work/policy-solutions/framework-election-vendor-oversight