Unisyn’s Security Statement
At Unisyn Voting Solutions, Inc. we are dedicated to helping government institutions and private entities optimize their election programs and provide best-in-class service. Our innovative approach enables us to deliver election systems and products that are secure, auditable, flexible and transparent.
​
Unisyn has always been an industry leader in the development of secure election solutions. Not only was the system designed from the ground up to meet the security requirements of the U.S. Election Assistance Commission (EAC) Voluntary Voting System Guidelines (VVSG), but we have the only certified digital scan voting system built with Java on a streamlined and hardened Linux platform.
​
Linux and Unix-based operating systems have less exploitable security flaws known to the information security world. The tech community, which is a critical component of its increased security, reviews the Open Source Linux distributions. By having such broad oversight, there are generally fewer vulnerabilities, bugs and threats. Additionally, through customization to the Linux, packages and services that may present vulnerabilities can be completely removed, not just disabled. The variability of configuration and installation, as well as the outright removal of functionality makes the Linux systems much less vulnerable to exploitation, as well as increasing performance.
​
Cybersecurity
​
Since 2016, Unisyn has taken full advantage of the wide variety of cyber services offered by DHS. These cybersecurity service offerings include:
​
-
Voluntary participation in the National Cybersecurity Assessment
-
Cyber Hygiene Vulnerability Scan
-
Risk and Vulnerability Assessment
-
-
Unisyn is the first vendor to supply an “end-to-end” voting system to DHS to perform extensive vulnerability and penetration testing on voting system. (Click here to read CISA Director Krebs letter to Unisyn.)
-
​
In July of 2018, Unisyn became the first DHS election industry partner to undergo this testing. During the National Cyber Assessments and Technical Services (NCATS) Product Cybersecurity Assessment, a cybersecurity research team from Idaho National Labs (INL) performed a cybersecurity assessment of the Unisyn election system that was completed on October 31, 2018. The purpose of the assessment was to understand the functionality of the system in relation to the current cybersecurity risk assessments, and make recommendations to address these items in the interest of protecting the critical infrastructure controlled by Unisyn election systems from a cyber or physical attack. The test protocol was based on a set of assessment targets developed in conjunction with Unisyn and DHS program personnel.
​
In 2019, Unisyn completed a DHS scan of our internal network; and undertook a companywide DHS sponsored Phishing Campaign Assessment.
​
In 2019, Unisyn also provided cybersecurity training and certifications for all dealers nationwide as well as one of our county customers in the State of Missouri.
​
Unisyn’s newest effort to enhance the security of our products and services is the development of a foundational vulnerability assessment program. This policy will allow Unisyn to begin working with the research community to develop a solid program to assist in finding and addressing potential vulnerabilities to our products. Follow the link below to see the Vulnerability Disclosure Program Policy.
​
Election Researcher Security Forum Pilot Event
On September 20, 2023, the Information Technology - Information Sharing Analysis Center (IT-ISAC) hosted the Election Security Research Forum, a first ever pilot event with the goal of further strengthening the U.S. election process. Hosted at MITRE Corporation, this program culminated 5 years of planning by the IT-ISAC’s Elections Industry Special Interest Group (EI-SIG) and an independent advisory board composed of security researchers, security companies, nonprofits, and former state and local election officials.
As part of the forum, election technology manufacturers provided trusted security researchers access to modern election technology with newly developed but not yet fielded configurations of resident software under the principles of coordinated vulnerability disclosure (CVD). Along with Unisyn, Elections Systems & Software (ES&S) and Hart InterCivic provided technology to the researchers.
Unisyn and the other technology providers believe that the event built a strong foundation of trusting relationships between security researchers and election technology providers, and provided the proof of concept that future events can morph into fuller CVD programs that will bolster the security and resilience of voting technology in the future. The following report represents Unisyns response to the items noted by researchers during this pilot event. In addition to the items noted in the report, Unisyn acknowledges that researchers were also able to trick the scanner mechanism with a thin long sheet of paper, such as a CVS/grocery store receipt, to accept a ballot without counting it. The receipt needs to be very carefully placed on top of the middle of the ballot while entering it into the machine. The machine senses an invalid ballot and attempts to eject it from the machine but can end up ejecting the receipt instead of the ballot and then accepting the ballot into the box without increasing the electronic ballot count. Unisyn believes this risk is very low given the procedural safeguards in place in poling locations and that the act very carefully adding an additional receipt/thin paper product while inserting a ballot would be noticed by poll workers. Unisyn is also working with our scanner manufacturer to see if we can also upgrade the sensor mechanism.