Secure the Election

Synack

Security by America for America

The right to a fair election has become a primary target of our adversaries. America wants to help. We have crowdsourced a bipartisan security solution for state governments—join us in taking action.

Our Campaign

As our digital attack surfaces grow, security teams lack the scale and resources to test their full attack surfaces. Most states have under 15 FTEs on their enterprise security teams, and <7% of states are able to conduct third party penetration testing more than annually*.

Synack provides state governments with secure, scalable crowdsourced security testing. We look for security vulnerabilities that could be exploited by malicious actors to influence the election. All results become the property of the government.

* 2016 Deloitte-NASCIO Cybersecurity Study.

What We Test

Voter registration databases are a prime target for attackers. If exploited, an attacker could change the outcome of an election.

We test online voter registration websites and remotely-accessible voter registration databases from a hacker’s perspective by examining:

Which servers are connected to the internet?
Does online voter registration connect to the voter registration database (VRDB)?
Can admin access be gained? Can accounts be edited?
Can the VRDB be accessed through a 3rd party system (e.g., HHS, DMV)?

How Crowdsourced Security Testing Works

Synack uses a secure platform, vetted crowd of the top security researchers in the world, and technical controls to provide the most effective and efficient testing solution with the least amount of risk.

Secure the Election Process
  1. Trusted Crowd of Security Researchers

    5 step vetting process accepts 10% of security researcher applicants. FVEY & SF-85P cleared researcher groups are available.
  2. Secure Platform

    Researchers must connect through Synack's secure gateway where we track activity & movement
  3. Managed Testing

    Cleint scopes digital assets for testing and sets rules. Researchers test & report through the platform.
  4. Real-time Results

    All vulnerabilities are triaged and prioritized. Findings are shared in real time, researchers work with security teams to remediate rapidly.

What to Expect from a Crowdsourced Security Test:

We believe that the best security is rooted in a united effort. We believe in action.
We believe in a more secure America.

Platform

Trust:
Full control & visibility.

Talent

Efficiency:
24 hours to deploy, 24 hours to find severe vulnerabilities, 24 hours to triage

Partners

Quality:
>95% signal-to-noise ratio

Platform

Coverage:
>200 testing hours & 100s of security researchers in a 2-week test

Talent

Results:
Real-time analytics on results and asset hardness relative to peers

Partners

Partnership:
Force multiplier for your security teams

Special Offer for the Midterms

Synack is offering state governments a pro bono crowdsourced security test to find and help fix vulnerabilities before the election and before exploitation by the adversary.

This offer is available to U.S. state governments only (including Synack’s existing state and local government customers). Each eligible recipient will be limited to one (1) free 14-day Synack Crowdsourced Vulnerability Discovery Test of an online voter registration website or remotely-accessible database that is expected to be used in the November 2018 mid-term election. Any website or database submitted for testing must be approved by Synack, such approval may be withheld at Synack’s sole discretion. Each test must be concluded by or before November 6, 2018 and will be subject to Synack’s standard terms and conditions. Synack reserves the right to cease or change this offer at any time.

Together We Stand

We believe that the best security is rooted in a united effort. We believe in action. We believe in a more secure America.

“”
Synack’s professionalism and our partnership during this program have provided immense value.
— Synack Government Customer