RABET-V is a flexible, risk-based, and cost-effective election system verification process that will expedite verification of election systems while providing assurances of security, reliability, and usability. The RABET-V Pilot Program is designed to evaluate the RABET-V process and the potential of the process to improve the speed, security assurances, and cost-effectiveness of non-voting election technology verification.
For more information of the Background and Motivation for RABET-V, see CIS' How to Improve Election Technology Verification White Paper.
In this repository, you will find three main areas:
- docs. This defines the RABET-V program details. Read through the program to get an idea of how RABET-V works in detail.
- Research Plan. The Research Plan discusses how we intend on evaluating RABET-V throughout the Pilot Program. Read this to understand the pilot project.
- Economic Model. The Economic Model proposes various methods of deploying and operating a RABET-V process in the United States for non-voting election technology verification.
The RABET-V Pilot Program is guided by a steering committee comprised of election officials, election technology providers, and other election infrastructure stakeholders. We will add steering committee member information below as we confirm members:
- Aaron Wilson, Sr. Director of Election Security at The Center for Internet Security (CIS) - Steering Committee Chair
- Jerome Lovato, Testing and Certification Director at The Election Assistance Commission (EAC)
- Don Palmer, EAC Commissioner
- David Beirne, Federal Voting Assistance Program (FVAP)
- Nikki Charlson, Maryland State Board of Elections
- Spencer Wood, Ohio Secretary of State's Office
- Richard Rydecki, Wisconsin Elections Commission Staff
- Christina Adkins, Texas Secretary of State's Office
- Jessica Myers, Pennsylvania Secretary of State's Office
- Mike Moser, Pennsylvania Secretary of State's Office
- Voting System Oversight Program (VSTOP), Indiana
- Geoff Hale, Cybersecurity and Infrastructure Security Agency (CISA)
- Ryan Macias, CISA
- Amy Cohen, National Association of State Election Directors (NASED)
The following technology providers have volunteered to have their products used in the RABET-V Pilot.
- VR Systems - Electronic Pollbooks and Election Night Reporting
- KNOWink - Electronic Pollbook
The RABET-V Technology Advisory Committee is a growing group of experts in relevant subject matter that are volunteering their time to assist in the refinement of the RABET-V process.
- Jono Spring, SEI CERT Division
- Lauren Cooper, SEI CERT Division
- Brian Glas, OWASP SAMM
- Beau Woods, Atlantic Council
- Mary M Shaw, Carnegie Melon
- David Garlan, Carnegie Melon
- Ryan Wagner, Carnegie Melon
- Joshua Bloch, Carnegie Melon
- Daniel Plakosh, SEI Software Solutions Division
- Gema Howell, NIST
- Mary Brady, NIST
- Gordon Gillerman, NIST
- Lisa Carnahan, NIST
- Rob Gordon
The program will be administered by CIS team with assistance from The Turnout. Dr. Mike Garcia will serve as the Research Lead.
The RABET-V Pilot Program will first establish a detailed version of the RABET-V process called the RABET-V Working Model. This version will detail how each activity will be conducted. The Working Model will be iteratively reviewed by the program Steering Committee and modified as necessary.
Using the Working Model, the Pilot Program will conduct initial reviews on real products from Pilot Program participants. Each initial review will execute all seven RABET-V activities resulting in the creation of Testing Rules and initial verification results for each product. The Architecture Review and Process Assessments will follow the architecture and process review steps detailed in the Working Model, which may be updated as necessary throughout the Pilot Program.
The RABET-V process will be conducted on real products from Pilot Program participants that represent diverse offerings. The Pilot Program will work with pilot participants to develop their submission package and security claims. This pilot will then follow the architecture and process review technical guidance and develop risk-based product-specific testing processes. The Pilot Program will evaluate the value of the activities, along with the time and cost, and conclude with recommendations on the best approach.
The Pilot Program will then conduct multiple iterations of RABET-V on product revisions from the participants. Depending on the changes, RABET-V will adapt and conduct only the activities required. This exercise will highlight the effectiveness of RABET-V to create meaningful but streamlined verifications and help determine the effectiveness of the product architecture and process reviews. It will also provide useful time and cost information. After each RABET-V iteration, changes may be made to the testing process and the iteration repeated as necessary.