The Ministry of Economic Affairs and Communications and the State Shared Service Center on Thursday announced a public procurement tender for a contract to perform an audit of the security of the information systems of e-elections in Estonia.
The purpose of the procurement is to obtain an assessment of the security of the information systems of e-elections and proposals for advancing it, spokespeople for the ministry said.
Minister of Foreign Trade and IT Raul Siem (EKRE) said Estonia must be able to ensure that the operation of the digital solutions and applications used in elections is protected on the highest possible level of security.
"This is a historic event in the negative sense, as never before has the system of e-elections been subjected to a comprehensive audit or a systematic security assessment. In today's world wrought with cyber threats this is unacceptable, therefore moving forward without doing it is a real and substantive threat to the functioning of the state as a whole," Siem said.
The minister emphasized that it is high time to take an extremely serious approach to the subject.
"The purpose of the audit is to get a reasoned assessment by internationally renowned auditors and information security specialists of the security of the election information systems and also proposals concerning improvements to raise the level of security," he said.
In the course of the works to be performed, an assessment must be offered of the valid legislative acts related to election information systems, the electoral procedures and the technical environment. In offering the assessment, the assessing party must look at the relevance and sufficiency of existing documentation and the information security measures actually implemented.
The winner of the procurement must assess the security of all processes related to elections comprehensively and subject both the system of e-voting as well as the source code of the election information system to an analysis. The aim of the code analysis is to identify potential places of weakness and their type and to come up with proposals for improvements. Additionally, a security testing of information systems and processes must be carried out.
Siim Sikkut, deputy secretary general of the Ministry of Economic Affairs and Communications for ICT, described the international audit as being but one part of ensuring the security of e-elections.
"The Ministry of Economic Affairs and Communications, the Information System Authority and the national electoral service are collaborating in the preparation of various developments for the election information system and the system of electronic voting, updates to the website of elections and risk assessments, monitoring of cyberspace, updating of instructions and information materials, improving the observability of elections and more," Sikkut said.
The deputy secretary general said people must trust digital services and environments, and continuous reviewing and upgrading of the security measures of information systems is the basis for it.
The works must be performed by auditors internationally renowned in the field of cyber security in collaboration with competent specialists.
Siem described it as important for the audit and the security tests to be completed in good time before the next elections, in order for it to be possible to implement potential improvements.
The deadline for presenting the project's final report is October 1, 2021.
The public procurement tender is staged by the State Shared Service Center and the agreement to be concluded as a result of the tender is to be signed by the Ministry of Economic Affairs and Communications.
Editor: Helen Wright