220 likes | 422 Views
Election Assistance Commission. Technical Guidelines Development Committee Meeting July 27, 2011 EAC Update. EAC COTS Roundtable. Held at EAC offices February 14-15, 2011 Participants: Moderator = Merle King, Kennesaw State University Center for Election Systems
 
                
                E N D
Election Assistance Commission • Technical Guidelines Development Committee Meeting • July 27, 2011 • EAC Update www.eac.gov
EAC COTS Roundtable • Held at EAC offices February 14-15, 2011 • Participants: • Moderator = Merle King, Kennesaw State University Center for Election Systems • Voting System Manufacturers = Ed Smith, Dominion Voting Systems & McDermot Coutts, Unisyn Voting Solutions • Election Officials = Luis Torres, Technical Service Manager, Orange County, FL Supervisor of Elections & Paul Stenbjorn, DC Board of Elections • State Certification Tester = Glenn Newkirk, North Carolina, PA • DoD/Navy = Pete Marti, Senior EM Spectrum Engineer, Member- Navy Tri-SYSCOM E3 Integrated Product Team • FCC = Bill Hurst, Chief, Technical Research Branch, FCC Laboratory Division
Purpose • Work towards a more realistic definition of Commercial-Off-The-Shelf (COTS). • Determine ways voting system manufactures use COTS products and interact with COTS product manufacturers. • Discuss pros and cons of COTS. • COTS effect on voting system lifecycle and sustainability. • Determine next steps.
COTS in Certification • Lifecycle disconnect between COTS and voting systems. • Many commercial products have a production lifecycle of 6-8 months. • Voting systems should function for (at minimum) 6-8 years. • COTS reality in certification. • ES&S Unity 3.2.0.0 Desktop ------ Dell Optiplex GX260 computer desktop with monitor, keyboard & mouse Dell PC, 1 GHz or faster processor, 512 MB RAM, 40 GB hard drive, 48x CD-ROM or DVD drive, 3.5- inch drive, Super VGA (800x600) or higher resolution video adapter and monitor, appropriate drivers Laptop ------ Dell Latitude 600, Model #PP05L Dell Intel Pentium Processor 1400 MHz 587 MHz 1.00 GB Ram • Current Dell equivalent = Dell Optiplex GX 380 and Latitude 5410 or 6410
Roundtable Discussion Summary • Is COTS really COTS? • Most current “COTS” products are really industrial grade COTS and generally can’t be purchased at retail stores like Best Buy or Radio Shack. • COTS really more aptly described as “MOTS.” Modified-Off-The-Shelf… • DOD= VERY strict definition of COTS. COTS must not be modified in any way. Any change to COTS is considered MOTS and must be tested. • FCC has categories of Permissive Changes to products. • Class I changes need no testing. • Class II changes need some testing • Class III (new) changes in software that modify the frequency, power, and modulation type of a software defined radio need only manufacturer submitted test data.
Roundtable Discussion Summary • Thoughts on potential changes in the voting systems industry: • Determine a spectrum of “permissive” changes- • Risk based matrix? Where is the risk being absorbed?? • Manufacturer Quality Control is the biggest factor- • What quality system is in place? Are they ISO 9001?? • What is the track record of the manufacturer related to quality products? Manufacturer Declaration of Conformity What is in the middle??? Full Re-Testing
Roundtable Discussion Summary • Election Officials perspective: • Jurisdictions have few instances in which they can independently purchase COTS peripherals. • In some instances COTS would void system warranty if manufacturer requires jurisdiction to purchase “COTS” products thru them. • Will COTS extend the life of a voting system? NO… • Lifecycle costs = What does the end-user expect vs. How the (COTS) product is designed? • Must find and test alternative COTS components. • Hidden cost associated with COTS use = potentially more frequent recertification of systems that use COTS products that quickly become obsolete.
Roundtable Discussion Summary • Manufacturers perspectives on COTS. • Need more dynamic back-end post certification. • Certify different configurations and COTS devices. • Put onus on the manufacturer to make sure COTS conforms to VVSG and program. (Manufacturer self-testing) • Develop common data format. • Develop list of multiple alternatives to hardware components (LCD screens, motherboards, eprom chips) • Develop a matrix of what is a “testable event.” • COTS is a point in time with hardware and firmware. How do we keep systems current without additional extensive testing?
Defining COTS • 2005 VVSG : commercial off-the-shelf (COTS): Commercial, readily available hardware devices (such as card readers, printers or personal computers) or software products (such as operating systems, programming language compilers, or database management systems). • Next Iteration: Software, firmware, device or component that is used in the United States by many different people or organizations for many different applications and that is incorporated into the voting system with no manufacturer- or application-specific modification. • COTS Roundtable: Software, firmware, device or component, that is currently in use outside the elections industry and that is incorporated into the voting system with no modifications by the manufacturer.
Potential Next Steps for COTS • COTS Wiki: • What is a “wiki?” …a website that allows the creation and editing of any number of interlinked web pages via a web browser using a simplified markup language or a text editor. Wikis are typically used by various groups to create collaborative works. Examples include community websites, corporate intranets, knowledge management systems, and note services. • Our wiki would potentially could contain: • Test plans and documents • Searchable COTS database • Information on alternative COTS suppliers • L&A test information and models • Develop Classification Schemes for COTS products: • Benefit as a documentation of system infrastructure for State and local election officials. • Identify potential substitute products for current COTS components. • Develop a prototype environment for using the classification scheme in pilot jurisdictions.
Potential Next Steps for COTS, Cont. • Manufacturer/EAC Working Group to Identify EAC List of Acceptable COTS Manufacturers by Component: • LCD screens • Motherboards • Eprom chips • EAC developed “best practices” for Configuration Management of COTS: • Understand what COTS components you have in V.S. • Could include keeping L&A test data on each unit & Service ticket data on each unit.
Voting System Lifecycle Management (Sustainability Roundtable) Definition: The process, procedures and policies adopted by an election jurisdiction in order to effectively maximize the useful life of the voting system hardware and software. In general, an information technology lifecycle can be thought of as the period of time during which a system is expected to be usable for the purpose it was acquired. For voting systems specifically, a wide variety of factors effect lifecycle management. These factors include, but are not limited to: • Modifications to the system requested by a jurisdiction or mandated by changes to Federal or State law. • Manufacturer generated software changes and hardware modifications. • OS patches. • COTS product end-of life and refresh rates. • Manufacturer quality assurance and configuration management practices. • Field issues requiring modifications. • Certification timeframes (both Federal and State). • Jurisdiction budget constraints + system refresh, replacement plans. • System warranty, maintenance and repair programs. • Normal election related wear and tear. www.eac.gov
Roundtable • Preparing for 2012: The Life Cycle of Voting Machines May 5, 2011, Washington, DC • Record number of viewers on webcast. • Archived webcast continuing to be watched by election officials, policy makers and the public. www.eac.gov
Participants • Linda Lindberg • Traci Mapps • Wendy Noren • Frank Padilla • Andy Rodgers • Jim Silrum • Chris Thomas • Doug Lewis • Merle King • Tom Caddy • Ken Carbullido • Lowell Finley • Brian Hancock • Neal Kelley • Mike DeBonis • Kathy Scheele (Unable to Attend) www.eac.gov
The Issue In the years 2002-2005, there was an unprecedented surge in the acquisition and deployment of voting systems. Old and antiquated systems were replaced with newer technologies. Now, as we approach the 2012 election cycle, the states are facing the challenge of managing ageing voting systems in an environment of sharpened public awareness and heightened public expectations of the security and performance of voting systems. This Roundtable seeks to explore the issues associated with the sustainability of the nation’s voting systems. www.eac.gov
Comments from the Participants • The life cycle is not just a function of the existing systems, but is actually the span of time from deployment to deployment. • Adequate Tech support is important to extending the life of the system. • Testing can be optimized to address federal & state requirements. • Total ownership cost is a more appropriate perception. • Leasing of equipment may be an option. • Lower the cost of testing to states will permit states to economizechanges. • Must be a joint effort of Federal/State/local officials. • Invest time & effort into the development of fair & comprehensive contracts. • We need to be less reliant on vendors. www.eac.gov
Comments from the Participants • The problem for 2012 is a people problem; cut back in personnel is the most serious challenge. • Preventative maintenance should be a top priority. • The effort needed to develop a plan for replacement of the current systems will be considerable. Could take longer than 5 years. • Need to develop a funding formula to sustain our voting systems. • 2012 may not be an issue for the voting systems… but 2016 will. • The complexity of system is a function of their need to address multiple jurisdictions needs: this complexity impacts every aspect of system testing. www.eac.gov
Conclusions/Next Steps • Band-aid solutions will work… but only for a limited period of time. • Unfortunately, additional funding is the only long term solution both for the replacement of aging systems and for the continued health of the industry. • More and better State/Federal cooperation in testing. • Development of User Groups to share information. • Because refurbished systems are more common- potential for EAC to sponsor a summit meeting with the manufacturing community with the goal of producing industry developed standards for refurbished equipment. • 1st of potentially annual meetings of Federal and State Certification officials may be held at Kennesaw State University in Serptember 2011 timeframe. www.eac.gov
EAC Accessible Voting Technology Initiative Grant • EAC announced the availability of up to approximately $7,000,000 to support research on transformative technologies and approaches to meet the critical challenge of making voting more accessible to all eligible voters. • Funding will support research for: • 1) promising technologies and practices; • 2) technology testing and adoption; and • 3) development of administrative processes and training improvements to increase accessibility of existing voting procedures and election systems. • The initiative will focus on a broad spectrum of research that addresses a variety of disabilities, as defined by the Americans with Disability Act (ADA).
The Recipients Clemson University; Clemson, SCPrincipal Investigator: Dr. Juan GilbertFunding Level: $4,500,000 Total Costs Project Description: The Research Alliance for Accessible Voting (RAAV) will be working on innovative solutions that are required to overcome technological issues in providing accessibility to all voters, especially those with disabilities. This includes the development of technologies that provide private and independent verification of paper ballots. In addition to its focus on technological solutions, some RAAV partners have a strong interest and track record in human interface issues that include technology but go further to address simplified language, poll worker training and support, and use of multi-modal information. The project, under the direction of Dr. Juan Gilbert, will bring together a unified approach to accessible voting. Information Technology and Innovation Foundation (ITIF); Washington, DCPrincipal Investigator: Mr. Daniel CastroFunding Level: $2,500,000 Total Costs Project Description: ITIF proposes a holistic view to the challenge of increasing accessibility for voters with disabilities, taking into consideration social and environmental requirements along with the technological requirements. This approach has been called “design thinking.” The ITIF consortium brings together partners with expertise in design, technology, usability, accessibility, and elections. Their project is organized into three phases: Defining the problem, Designing the solution, and Looking to the future. The consortium will first research the barriers to participation; survey current election management practices; evaluate current systems; identify innovative assistive technologies; and gather other requirements from working directly with people with disabilities and advocacy organizations. After this research is complete, the group intends to issue targeted sub-grants to develop promising concepts into full prototypes.
Contact Information Brian J. Hancock Director, Testing and Certification Division bhancock@eac.gov (202) 566-3122