Unisyn’s Security Statement
At Unisyn Voting Solutions, Inc. we are dedicated to helping government institutions and private entities optimize their election programs and provide best-in-class service. Our innovative approach enables us to deliver election systems and products that are secure, auditable, flexible and transparent.
Unisyn has always been an industry leader in the development of secure election solutions. Not only was the system designed from the ground up to meet the security requirements of the U.S. Election Assistance Commission (EAC) Voluntary Voting System Guidelines (VVSG), but we have the only certified digital scan voting system built with Java on a streamlined and hardened Linux platform.
Linux and Unix-based operating systems have less exploitable security flaws known to the information security world. The tech community, which is a critical component of its increased security, reviews the Open Source Linux distributions. By having such broad oversight, there are generally fewer vulnerabilities, bugs and threats. Additionally, through customization to the Linux, packages and services that may present vulnerabilities can be completely removed, not just disabled. The variability of configuration and installation, as well as the outright removal of functionality makes the Linux systems much less vulnerable to exploitation, as well as increasing performance.
Unisyn also makes its code available for review by trusted election officials as part of the procurement process.
Our Linux code is also subject to an open review, a reasonable alternative to full Open Source for our ever changing and dynamic election infrastructure threats.
Our open review process is:
- Based on a scientific peer review system
- Provides source to qualified individuals for comment period
- Allows for open dialogue, as well as allowing vendors to improve the system based on input
- Provides maximum transparency, while maintaining source control code
Since 2016, Unisyn has taken full advantage of the wide variety of cyber services offered by DHS. These cybersecurity service offerings include:
- Voluntary participation in the National Cybersecurity Assessment
- Cyber Hygiene Vulnerability Scan
- Risk and Vulnerability Assessment
- Unisyn is the first vendor to supply an “end-to-end” voting system to DHS to perform extensive vulnerability and penetration testing on voting system. (Click here to read CISA Director Krebs letter to Unisyn.)
In July of 2018, Unisyn became the first DHS election industry partner to undergo this testing. During the National Cyber Assessments and Technical Services (NCATS) Product Cybersecurity Assessment, a cybersecurity research team from Idaho National Labs (INL) performed a cybersecurity assessment of the Unisyn election system that was completed on October 31, 2018. The purpose of the assessment was to understand the functionality of the system in relation to the current cybersecurity risk assessments, and make recommendations to address these items in the interest of protecting the critical infrastructure controlled by Unisyn election systems from a cyber or physical attack. The test protocol was based on a set of assessment targets developed in conjunction with Unisyn and DHS program personnel.
In 2019, Unisyn completed a DHS scan of our internal network; and undertook a companywide DHS sponsored Phishing Campaign Assessment.
In 2019, Unisyn also provided cybersecurity training and certifications for all dealers nationwide as well as one of our county customers in the State of Missouri.
Unisyn’s newest effort to enhance the security of our products and services is the development of a foundational vulnerability assessment program. This policy will allow Unisyn to begin working with the research community to develop a solid program to assist in finding and addressing potential vulnerabilities to our products. Follow the link below to see the Vulnerability Disclosure Program Policy.
Election Infrastructure Partners Links