AEC testing itself
The AEC is working to protect its systems against potential election meddling.
The Australian Electoral Commission (AEC) is going back through its core electoral systems to identify any vulnerabilities ahead of the next federal election.
The agency will also be keen to prevent the failure of its systems at the time they are being used most, as happened during the most recent Census.
The AEC’s election and enrolment management systems date back to the early 1990s, so many now require significant upgrades or replacement.
The review comes after a parliamentary committee found that, without a big overhaul, the ageing IT systems could compromise the integrity of Australia’s federal voting system.
“Voters must have confidence in the election result and certainty that no bias or error has influenced the outcome. Change is now imperative to maintain this confidence and the AEC needs additional resourcing to keep pace,” the joint committee found.
The report also noted that “cyber security threats to Australian electoral process must be effectively identified and mitigated”, in particular due to the age of the AEC’s systems.
The revamp should cover the electoral roll management system (which runs polling place management and tabulates the vote count), and the corporate production network, wireless network, email gateway, and its AWS-hosted public web servers.
Reports say the AEC will undertake an active compromise attempt from within the AEC network and externally, and review its security monitoring configuration before and after the compromise attempt.
Penetration testing, limited application-layer testing, firewall and server-level ACL testing, and testing of database and network equipment security controls will be performed as well.
The tests should be completed during August 2017.