Swiss government invites hackers to pen-test its e-voting system
The Swiss government will make its future e-voting system available for a public intrusion test and is now inviting companies and security researchers to have a go at it.
"Interested hackers from all over the world are welcome to attack the system," the government said in a press release. "In doing so, they will contribute to improving the system's security."
The public intrusion test (PIT) will be held between February 25 and March 2, and cash rewards ranging from $100 to $30,000 are available, as per the table below (1 CHF is roughly 1 USD):
|
Category |
Minimum compensation in CHF |
|---|---|
|
Best Practice (uncritical optimisation possibilities) |
100 |
|
Intrusion into the e-voting system |
1,000 |
|
Corrupting votes or rendering them unusable |
5,000 |
|
Successful attack on voting secrecy on the servers |
10,000 |
|
Manipulation of votes detected by the system |
20,000 |
|
Undetected manipulation of votes |
30,000 - 50,000 |
A mock e-voting session is planned on the last day of the testing period, on March 24, but participants can attack the e-voting system before that, as well.
To participate, companies and security researchers will have to sign up in advance of the PIT session's official start. Signing up will give participants the legal permission to attack the system, will ensure the cash rewards will reach those who first report an issue, and it enforces a set of rules and restrictions on participants.
For example, some of the things that PIT participants aren't allowed to do is to carry out attacks that may harm a voter's personal device or attack unrelated systems belonging to Swiss Post, the e-voting system's maker.
Swiss Post will help out by disabling some of the security defenses that normally protect the e-voting system "to enable participants to concentrate fully on attacking the core system."
Furthermore, Swiss Post will also allow PIT participants to request as many e-voting cards as they need for their tests, and have made the source code of their e-voting system available to participants on GitLab.
Swiss authorities also hired Swiss company SCRT SA as an independent third-party that will verify the vulnerability reports that participants submit, before forwarding the vulnerabilities to Swiss Post.
The Swiss government decided to hold public penetration tests of its e-voting system to boost the confidence that these systems are secure.
At the end of January, a committee of politicians and computer experts have started an initiative to have e-voting banned in Switzerland for at least five years. This group hopes to gather over 100,000 signatures over the course of the following months to start legal procedures to have e-voting banned.
The Swiss government said the e-voting system has already gone through more than 300 private testing sessions.
Officials said e-voting would make it easier for Swiss citizens living abroad to vote. The end plan is to have e-voting as an official voting method, besides poll station and postal mail voting.
source zdnet
Industry: Cyber Security News
Latest Jobs
-
- Senior Identity and Access Management Consultant (IDAM)
- Germany
- €70,000 - €85,000
-
(Security Consultant, Technical Consultant, Consultant, IDAM, CyberArk, RSA, Cyber, Security, Germany) Location: Frankfurt *Candidates must be EU based (Germany preferred) as our client are unable to provide sponsorship* Senior Identity and Access Management consultant (IDAM) subject matter expert is needed to lead and drive technical and or business transformation projects in a client facing position for a prestigious consultancy in Frankfurt, Germany. A broad technical knowledge across Identity and access management is essential. Technical hands-on experience with one or more of the following Ping, Forgerock, Cyberark, RSA Aveksa is highly desirable. A successful individual will be client facing and MUST be able to effectively engage, consult and provide advice to complex client engagements. The position will give the Senior Identity and Access Management consultant the opportunity to work with top tier clients with the view of making a meaningful strategic difference. If you are passionate about your industry and specialise in the IDAM space and are looking for a new challenge to step up, apply today and speak with the Security team. Call DCL Search & Selection on 0208 663 4030 and find out about more of our cybersecurity jobs. Reference: TC7528 (Security Consultant, Technical Consultant, Consultant, IDAM, CyberArk, RSA, Cyber, Security, Germany)
-
- Business Development Manager (IoT Connectivity Solutions)
- Frankfurt
- Up to €120,000 plus bonus and benefits
-
Experienced Business Development Manager is required for an expanding Service Provider to sell/position their IOT connectivity solutions into the Manufacturing Sector within the German market. This is a great opportunity to join a key player within this space, who have a number of successful projects for you to reference, they have the skills and the network but now needs the key person to help take the message to market You need to have proven sales experience within the mobile cellular IOT connectivity space and ideally knowledge of the manufacturing sector, this is a true consultancy role, you will be comfortable working with other sales team within the business but also able to directly approach key customers yourself. Great opportunity to join an expanding business as they grow their German Presence Ref: RA7259 (IoT Sales Jobs, IoT Sales, IoT Sales Executive, IoT Business Development Manager)
-
- Services Manager (Telecommunications)
- London
- Up to £75,000 plus benefits and bonus
-
Service Manager with telecommunications experience is required for a tier 1 service provider. You will be responsible for managing a number of key global account, acting as the voice of the customer within the business. Your key objectives will include: Responsibility for overall service relationship with the customer To enhance the customer experience To protect and grow customer revenues You will be working within a global business where you will be managing different services from different parts of the globe and therefore must be able to demonstrate where you have ideally worked within a similar environment. You will be a key member of the service management team responsible for a number of key accounts. You must have experience as a Service Manager from either a telecom/telecommunications or hosting business dealing with services to corporate accounts, you will need to have knowledge around telecom/telecommunications solutions. Ref: RA7255
-
- Infrastructure / Forensic Lab Manager
- London
- Up to £40,000 Base
-
Infrastructure / Lab Manager needed to join a consulting business near London Bridge. MUST be commutable on a daily basis. The Infrastructure / Forensic Lab Manager will be responsible for the upkeep, performance, security/patching etc of the hardware/software used by the consultants across the UK business. Broad IT experience covering both on-prem - Cloud (Azure) environments, Hyper V, Security Information and Event Management tools (such as SPLUNK). Specific experience with Forensic / eDiscovery Labs (Relativity / Nuix) is highly desirable. The Infrastructure / Forensic Lab manager will be a key hire within the technical team being the escalation point for any internal IT issues. Experience liaising with remote/international stakeholder is essential. All details kept in the strictest of confidence. Apply today and or contact Chris.Holt@dclsearch.com *For this position candidates must be UK based and our client is unable to sponsor candidates outside of the EU* Ref: CH7533 (Forensics Jobs, Digital Forensics Jobs, Forensics Lab Manager)