Voting in New South Wales, Australia
- Bicameral Parliament, hence two contests per election, held every 4 years
- Lower House: single candidate per electorate, preferential voting using Alternative Vote count method (auto runoff)
- Upper House: multi candidate state wide electorate using Single Transferable Vote Proportional Representation count method

Voting in New South Wales, Australia
- Most first preference counting is done manually in voting venue on election night, with distribution of preferences done manually and by computer in the following two weeks
- Electors currently just have to trust the electoral authority
- Partisan scrutiny during first preference count is the only independent check
- Checking is typically only in voting venue for Lower House, with virtually no effective independent checking of absentee votes and all Upper House votes
- Voter cannot confirm if their vote has been tampered with or counted

Manual Counting Relies on Chain of Custody
- Security of current paper system depends on good chain of custody
- Good chain of custody is proved by alignment of multiple independent manual counts at different stages of the election
- Miscounting is common, which leads to doubt
- Good chain of custody can only be proven by initial count result aligning with final count result for a given issuing venue
- Non-alignment of counts means votes have either been miscounted, lost, inserted or tampered with; it is difficult to determine which

What is iVote?
- Remote electronic voting system for Web or telephone
  - Web browser over Internet (including mobiles)
  - DTMF phone over PSTN
  - Human operator using voice from telephone to Web browser (new for 2015)
- Registration required, with eligibility only for:
  - Blind, disabled, remote and interstate or overseas electors
- During early voting period (two weeks before election day)

What is iVote?
- Used at March 2011 NSW Parliamentary election: votes for 46,864 electors (about 1% of the election)
- Expect to take votes for 200,000 electors at Parliamentary election in March 2015
- Will not replace paper ballots for attendance voting (attendance voting is 60% to 80% of votes)

iVote Architecture

iVote Security Design Principles
- Balance comparative risks of current paper approach with Internet voting
- Increase number of voting channels (makes fraud more difficult)
- Mix of People-Process-Technology (not just a technology project)
- Segregation of Duties, Data, Systems and Communication Channels

iVote Security Design Principles
- Voter can verify vote captured as cast
- Voter has evidence vote decrypted as captured (auditor, receipt number)
- Voter can check vote counted as decrypted (all preferences published)
- Voter coercion not considered a significant issue; also, voter able to revote

Why use iVote
- Independent voting for blind and low vision voters (BLV want all electors to use it)
- More accurate result
- Greater electoral integrity
- Postal voting may be problematic in 5 to 10 years
- Postal voting currently failing overseas voters (over 60% not returned)
- Overseas voters able to vote (NSWEC obtained 20k to 30k extra votes in 2011)

Why use iVote
- Has been used successfully by other jurisdictions (Norway, Switzerland, Estonia)
- Prevents electors getting fined (compulsory voting obliges the Commission to help voters)
- Increased Participation (dropping youth vote, helps overseas voters)
- Electors want it (most common question asked)

What is Strategic Threat Intelligence?
- Focus on threat Actors
- Analysis
- Drives intelligence collection planning
- Proactive vs reactive

"The data within the database or the threat feed can be highly useful to the intelligence process. But (and I am not picking nits here) it comprises a data feed, not an intelligence feed (except to marketers)."
Darkreading, Nick Selby

A New Approach to Cyber
- Military have long used intelligence
- Threats traverse ALL in a global cyber war
- Threats evolve and calibrate
- Threats to e-voting

"If you know the enemy and know yourself, you need not fear the result of a hundred battles..."
Sun Tzu, the Art of War

Strategic Threat Intelligence
- Research and Analysis
- Monitor and Respond
- Wargame, Test and Assess

Strategic Threat Intelligence
Research and Analysis
1. Research Threat Actors
   - Threat Actor profile
   - Threat Actor hierarchy
2. Attribution Matrix
3. Attack Trees
4. Threat Actor Capability Matrix
5. Ecosystem Analysis

Strategic Threat Intelligence
Wargame, Test and Assess
6. Tabletop exercise / wargame
   - Client (blue) + Specialists (red)
   - Attack tree walk through
   - Action, Reaction, Counteraction
7. Threat courses of action
   - Wargame analysis
   - Most Dangerous
   - Most Likely

Strategic Threat Intelligence
Monitor and Respond
8. Report
   - Recommendations
   - Intelligence collection plan
9. Monitor*
   - Execute Intelligence collection
   - Integrate with SOC
10. Response*
   - Incident Response
CSC Global Logical SOC
* Available additional services, STA integrates with SOC and IR

Business Drivers
- Merger & Acquisition
- Event Security
- Business Strategy
- Service Continuity

Why?
- Confidence and Assurance beyond compliance
- Drives a focused, pragmatic, effective security strategy
- Supports business operations and planning

IAN BRIGHTWELL CIO, New South Wales Electoral Commission