Andrew Regenscheid - PowerPoint PPT Presentation

1 / 24
About This Presentation
Title:

Andrew Regenscheid

Description:

Update on UOCAVA Risk Assessment by ... and estimating information security risks Page ... Threat event Vulnerability Threat source Impact Likelihood Page ... – PowerPoint PPT presentation

Number of Views:32
Avg rating:3.0/5.0
Slides: 25
Provided by: John1853
Learn more at: http://www.nist.gov
Category:

less

Transcript and Presenter's Notes

Title: Andrew Regenscheid


1

Update on UOCAVA Risk Assessment by UOCAVA
Working Group
  • Andrew Regenscheid
  • National Institute of Standards and Technology
  • http//vote.nist.gov

2
Outline
  • Background
  • Risk assessment methodology
  • Sources of data
  • Status update on progress
  • Next steps

3
Background
  • All systems and processes have risks
  • Current UOCAVA Vote-by-Mail (VBM) as baseline
  • We have implicitly accepted risks in the current
    UOCAVA voting process
  • Director Carey has maintained future systems
    should be compared to the current system
  • TGDC accepted task to develop a risk assessment
    on current UOCAVA processes

4
Charge
  • To describe risks in currently-used UOCAVA voting
    processes
  • Vote by Mail (VBM)
  • Electronic ballot delivery via e-mail, fax, and
    web sites
  • Effort should facilitate comparisons between
    different types of risks
  • Future efforts could look at remote electronic
    voting systems, once a system is defined

5
Risks
  • From NIST SP800-30rev1
  • Risk is a measure of the extent to which an
    entity is threatened by a potential circumstance
    or event, and is typically a function of
  • The adverse impacts that would arise if the
    circumstance or event occurs and
  • The likelihood of occurrence
  • A risk assessment is the process of identifying,
    prioritizing, and estimating information security
    risks

6
Methodology
  • Initial step Define current UOCAVA voting
    processes
  • Tailored methodology in NIST SP 800-30rev1, Guide
    for Conducting Risk Assessments (draft)
  • Major contents of risk assessment
  • Threat event
  • Vulnerability
  • Threat source
  • Impact
  • Likelihood

7
Defining Current Processes (1)
  • EAC whitepaper, UOCAVA Registration and Voting
    Processes, April 2011
  • Split UOCAVA Voting into 6 processes
  • Prepare and Submit Voter Registration Application
  • Process Voter Registration Application
  • Prepare and Deliver Blank Ballots
  • Mark and Return Ballots
  • Receive and Process Ballot Packets
  • Count Ballots

8
Defining Current Processes (2)
  • Each process could have several instantiations,
    e.g.,
  • Registration by mail, e-mail, fax, or web
  • Ballot delivery by mail, e-mail, fax, or web
  • For each process, we created flowcharts
  • UML 2 Activity Diagrams
  • Currently only vote-by-mail diagrams are
    completed
  • Activities in each diagram are tagged with an
    identifier

9
(No Transcript)
10
(No Transcript)
11
(No Transcript)
12
Risk Assessment
  • Diagrams represent the target system of the risk
    assessment
  • Risks may be present at any step (i.e., activity)
    of the processes
  • To describe the risk, we need to identify the
  • Threat event
  • Vulnerability
  • Threat source
  • Impact
  • Likelihood

13
Threat Event
  • A threat event is any event or situation that has
    the potential for causing undesirable
    consequences or impact
  • Undesirable impacts violate one of the following
    goals
  • Correctness of election result
  • Protect voter privacy
  • Maintain public confidence in election
  • Example Blank Ballot is lost or delayed en route
    to voter
  • A threat event involves the exploitation of a
    vulnerability by a threat source

14
Vulnerability
  • A vulnerability is an inherent weakness in a
    system, security procedures, internal controls,
    or implementation that could be exploited by a
    threat source
  • Example Foreign and domestic mail services are
    not fully reliable

15
Threat Sources (1)
  • A threat source is the adversary intending to
    exploit vulnerability, or it is a situation that
    may accidentally or incidentally exploit a
    vulnerability
  • Types of threat sources
  • Adversarial attacks
  • Human errors of omission or commission
  • Structural failures of jurisdiction-controlled
    resources
  • Natural and man-made disasters, accidents, and
    failures beyond the control of the jurisdiction

16
Threat Sources (2)
  • Examples of threat sources
  • Adversarial
  • Hostile individuals and groups
  • Disgruntled election workers
  • Non-adversarial
  • Voters
  • Election officials
  • Postal agencies
  • Natural disasters

17
Impact
  • Impact is a measure of the harm done by the
    occurrence of a threat event
  • Qualitative measure of two factors

Impact
  • Severity
  • How bad is the event?
  • Low/Moderate/High
  • Scale
  • How many voters/ballots are impacted?
  • Small/Large scale

18
Likelihood
  • The likelihood of occurrence of a threat is an
    estimate of the likelihood that a threat event
    will occur and result in an adverse impact
  • UOCAVA voting processes have different types of
    risks, e.g.,
  • System-wide risks that rarely occur
  • Transactional risks that occur frequently
  • We replace likelihood with Occurrences that is,
    how often a given threat event is likely to occur
    in a given state during a Presidential election
    year

19
Occurrences
  • We have a 4-point qualitative scale for
    estimating occurrences

Uncommon (1) Rare The event is very unlikely to occur
Uncommon (2) Unlikely The event regularly occurs in elections, but is unlikely to occur in any given election
Common (3) Infrequent The event is expected to occur a few times during an election
Common (4) Frequent The event is expected to occur many times during an election
20
Risk Assessment Examples
Threat Event Vulnerability Threat Source Activity Severity Scale Occurrence
A voter moves and forgets to inform the LEO of his/her new address Human error- Voters must remember to update their addresses Voter 1A-a High Small (4) Frequent
A marked ballot is lost or delayed by a mail service en route to a LEO Foreign and domestic mail services are not fully reliable Mail services 4A-e High Small (4) Frequent
Batch of marked ballots is lost during processing Loss of physical security LEO 5, 6 High Large (2) Unlikely
21
Data Sources
  • Government reports
  • 2010 EAC UOCAVA Report
  • 2010 FVAP Post Election Survey
  • 2010 Analysis of the Military Postal System
    Compliance with the MOVE Act
  • Other reports
  • Pew
  • Overseas Vote Foundation
  • Experiences/Anecdotal reports from Election
    Officials

22
Status Update
  • Completed activity diagrams for UOCAVA
    Vote-by-Mail processes
  • Identified risks in those processes
  • Currently estimating impact and occurrences of
    each risk

23
Next Steps
  • Complete UOCAVA Vote-by-Mail analysis
  • Conduct risk assessments for blank ballot
    delivery
  • Develop conclusions on major sources of risk in
    current processes

24
Discussion
Write a Comment
User Comments (0)
About PowerShow.com