Integration of an online voting solution with the SMESEC security framework

Abstract

SMESEC is an H2020 project that designed and implemented a lightweight cybersecurity framework for protecting small and medium-sized enterprises against cyber threats. The framework integrates a large variety of contemporary cybersecurity tools but also provides additional features aiming to facilitate novice users to get an overview of existing threats through simple tutorials, extensive explanatory material and a complete lessons-learned section. One of the possible areas in which the project can demonstrate its potential is in the protection of online voting solutions for small companies or governmental institutions. Scytl has developed an online voting solution that has been used in many private and governmental elections. The solution follows the principles of security by design, however infrastructure security must also be considered and ensured. This is not always easy for small companies or institutions, which are primarily interested on self-administrate their systems, but in the same time cannot afford the full spectrum of necessary security tools for tackling major and severe cyber threats. This paper aims to provide a detailed overview of the components and the architecture of a fully-functional and widely used online voting system, some of the imminent threats such a deployment faces and most importantly a description of the integration with the SMESEC framework and how exactly this was beneficial for the specific online voting solution.