Andrew Regenscheid - PowerPoint PPT Presentation

1 / 24

About This Presentation

Title:

Andrew Regenscheid

Description:

Update on UOCAVA Risk Assessment by ... and estimating information security risks Page ... Threat event Vulnerability Threat source Impact Likelihood Page ... – PowerPoint PPT presentation

Number of Views:31

Avg rating:3.0/5.0

Slides: 25

Provided by: John1853

Learn more at: http://www.nist.gov

Category:

more less

Transcript and Presenter's Notes

Title: Andrew Regenscheid

1

Update on UOCAVA Risk Assessment by UOCAVA
Working Group

Andrew Regenscheid
National Institute of Standards and Technology
http//vote.nist.gov

2
Outline

Background
Risk assessment methodology
Sources of data
Status update on progress
Next steps

3
Background

All systems and processes have risks
Current UOCAVA Vote-by-Mail (VBM) as baseline
We have implicitly accepted risks in the current
UOCAVA voting process
Director Carey has maintained future systems
should be compared to the current system
TGDC accepted task to develop a risk assessment
on current UOCAVA processes

4
Charge

To describe risks in currently-used UOCAVA voting
processes
Vote by Mail (VBM)
Electronic ballot delivery via e-mail, fax, and
web sites
Effort should facilitate comparisons between
different types of risks
Future efforts could look at remote electronic
voting systems, once a system is defined

5
Risks

From NIST SP800-30rev1
Risk is a measure of the extent to which an
entity is threatened by a potential circumstance
or event, and is typically a function of
The adverse impacts that would arise if the
circumstance or event occurs and
The likelihood of occurrence
A risk assessment is the process of identifying,
prioritizing, and estimating information security
risks

6
Methodology

Initial step Define current UOCAVA voting
processes
Tailored methodology in NIST SP 800-30rev1, Guide
for Conducting Risk Assessments (draft)
Major contents of risk assessment
Threat event
Vulnerability
Threat source
Impact
Likelihood

7
Defining Current Processes (1)

EAC whitepaper, UOCAVA Registration and Voting
Processes, April 2011
Split UOCAVA Voting into 6 processes
Prepare and Submit Voter Registration Application
Process Voter Registration Application
Prepare and Deliver Blank Ballots
Mark and Return Ballots
Receive and Process Ballot Packets
Count Ballots

8
Defining Current Processes (2)

Each process could have several instantiations,
e.g.,
Registration by mail, e-mail, fax, or web
Ballot delivery by mail, e-mail, fax, or web
For each process, we created flowcharts
UML 2 Activity Diagrams
Currently only vote-by-mail diagrams are
completed
Activities in each diagram are tagged with an
identifier

9
(No Transcript)
10
(No Transcript)
11
(No Transcript)
12
Risk Assessment

Diagrams represent the target system of the risk
assessment
Risks may be present at any step (i.e., activity)
of the processes
To describe the risk, we need to identify the
Threat event
Vulnerability
Threat source
Impact
Likelihood

13
Threat Event

A threat event is any event or situation that has
the potential for causing undesirable
consequences or impact
Undesirable impacts violate one of the following
goals
Correctness of election result
Protect voter privacy
Maintain public confidence in election
Example Blank Ballot is lost or delayed en route
to voter
A threat event involves the exploitation of a
vulnerability by a threat source

14
Vulnerability

A vulnerability is an inherent weakness in a
system, security procedures, internal controls,
or implementation that could be exploited by a
threat source
Example Foreign and domestic mail services are
not fully reliable

15
Threat Sources (1)

A threat source is the adversary intending to
exploit vulnerability, or it is a situation that
may accidentally or incidentally exploit a
vulnerability
Types of threat sources
Adversarial attacks
Human errors of omission or commission
Structural failures of jurisdiction-controlled
resources
Natural and man-made disasters, accidents, and
failures beyond the control of the jurisdiction

16
Threat Sources (2)

Examples of threat sources
Adversarial
Hostile individuals and groups
Disgruntled election workers
Non-adversarial
Voters
Election officials
Postal agencies
Natural disasters

17
Impact

Impact is a measure of the harm done by the
occurrence of a threat event
Qualitative measure of two factors

Impact

Severity
How bad is the event?
Low/Moderate/High

Scale
How many voters/ballots are impacted?
Small/Large scale

18
Likelihood

The likelihood of occurrence of a threat is an
estimate of the likelihood that a threat event
will occur and result in an adverse impact
UOCAVA voting processes have different types of
risks, e.g.,
System-wide risks that rarely occur
Transactional risks that occur frequently
We replace likelihood with Occurrences that is,
how often a given threat event is likely to occur
in a given state during a Presidential election
year

19
Occurrences

We have a 4-point qualitative scale for
estimating occurrences

Uncommon (1) Rare The event is very unlikely to occur
Uncommon (2) Unlikely The event regularly occurs in elections, but is unlikely to occur in any given election
Common (3) Infrequent The event is expected to occur a few times during an election
Common (4) Frequent The event is expected to occur many times during an election
20
Risk Assessment Examples
Threat Event Vulnerability Threat Source Activity Severity Scale Occurrence
A voter moves and forgets to inform the LEO of his/her new address Human error- Voters must remember to update their addresses Voter 1A-a High Small (4) Frequent
A marked ballot is lost or delayed by a mail service en route to a LEO Foreign and domestic mail services are not fully reliable Mail services 4A-e High Small (4) Frequent
Batch of marked ballots is lost during processing Loss of physical security LEO 5, 6 High Large (2) Unlikely
21
Data Sources