A Call for Third-Party Penetration Testing
ORLANDO, FL (Sept. 1, 2020) – With the number of cybersecurity attacks and threats against governments continuously on the rise, the quickly approaching 2020 General Election has focused attention on vulnerabilities in the U.S. election infrastructure. Federal authorities are warning of foreign adversaries scanning systems for weaknesses as well as the potential for ransomware attacks to paralyze voting operations. In response, Civix, a leading public sector software and services firm, has partnered with RiskSense®, Inc. to provide independent penetration testing to states and localities.
“Election systems across our country are targets, and with the threats constantly evolving, states must take proactive steps to head them off,” said Mike Wons, the president of Civix Government, which provides election management technology to nearly half of the U.S. states. “We want to make independent penetration testing available to as many states and localities as possible, even those not using Civix technology. The stakes are high, and we are committed to helping ensure successful elections.”
The cloud-based platform uses risk-based scoring, analytics, and technology-accelerated penetration testing to identify critical security weaknesses and provide the fastest path to understanding and remediating threats. The solution looks at end-to-end security, from the validation of voter authenticity to the recording of voting data, and the validation of security controls to thwart environment tampering or compromise.
RiskSense has worked with Civix, formerly PCC, to provide independent, third-party assessments of several Civix elections applications. Now, the companies are partnered to offer any combination of services and tools to states and localities. Read more below.
“As an objective third-party independent from the Civix development process, RiskSense application penetration testing and analysis helped ensure best practices were followed as early as possible in the development lifecycle and validated the security posture of deployed election applications,” said Srinivas Mukkamala, CEO of RiskSense. “We are able to do the same for any existing system as well as those in development ahead of the elections and beyond.”
In addition to election management systems, RiskSense’s penetration testing can be used to identify critical security weaknesses in virtually any government technology system, from business services to vehicle registration.
RiskSense®, Inc. provides full spectrum vulnerability management and prioritization to measure and control cybersecurity risk across infrastructure and applications. The cloud-based RiskSense platform uses a foundation of risk-based scoring, analytics, and technology-accelerated pen testing to identify critical security weakness with corresponding remediation action plans, dramatically improving the efficiency and effectiveness of Security, Development, and IT.