Study of Widely-Used Voting Machine Finds 1 In 5 Components from China-based Companies

Results Highlight Potential Supply Chain Risks to Election Infrastructure

ARLINGTON, Va., Dec. 16, 2019 (GLOBE NEWSWIRE) -- Interos, the first and only multi-tier, multi-factor third-party risk management platform, today released a study that illustrates the ability to illuminate links between components used in a popular voting machine, and potential global risks in access from other countries. The study underscores the increasingly complex nature of supply chains amid the rise of globalization and interconnectedness of technology.

“The complexity of our everchanging interconnected and globalized economy creates more opportunity for unknown risks than ever before,” said Jennifer Bisceglie, founder and CEO of Interos. “It is nearly impossible to understand any businesses’ comprehensive third-party risk profile without first understanding that company’s full family tree of suppliers. Interos identifies suppliers and potential risk continuously, so that businesses can then determine how to navigate those risks.”

As part of the study, Interos explored sub-tier supply chains’ roles in the election technology infrastructure by mapping the supply chain behind an electronic voting station. Interos identified and sourced data using its graph database to pull information from a combination of highly reliable data sources, including import and export records, SEC filings and company websites. The estimated margin of error is small.

Discoveries from the mapping include:

  • 20% of the machine’s components came from China-based companies. The components include:
    • Control boards
    • AI processors
    • Infrastructure software
    • Touchscreens
  • 56% of suppliers within the first three tiers had at least one location in China.
  • 14% of suppliers within the first three tiers had at least one location in Russia.
  • 59% of companies within the first three tiers of the machine’s supply chain had locations in China, Russia, or China and Russia.

During a recent hearing on “Public-Private Initiatives to Secure the Supply Chain,” with the Committee on Homeland Security; Subcommittee on Oversight, Management & Accountability; Bob Kolasky, Director of National Risk Management Center for the U.S. Department of Homeland Security, and U.S. Congressman Dan Crenshaw of Texas, discussed the role of tools in evaluating risk for the election supply chain. It was stated that tools that scrape together publicly available data that is hard to aggregate without taking advantage of machine learning and technology –narrow down areas of focus for deeper exploration.1 This stands as further validation of Interos’ approach and the importance of this type of scrutiny and continuous monitoring of U.S. voting technology.

As a technology company, Interos’ report demonstrated the ability to identify supplier relationships that could potentially pose risks worthy of awareness and evaluation. The report was not intended to draw conclusions about compromises in the voting machine studied.

Interos acknowledges that doing business with China or Russia is not inherently problematic, but those transactions are deserving of increased awareness and scrutiny.

Supply Chain Interconnectivity

Interos monitors 50 million global business relationships daily and finds on average each relationship is impacted by 20 events a month which builds the case for the need of continuous monitoring. Organizations typically use people for this task and take 30 days to four months to assess a single product supply chain or supplier’s extended relationships, for a single risk factor. In the time it takes organizations to monitor a product supply chain, or supplier’s relationships, 20 to 80 changes typically occur, rendering assessments at least out of date and potentially blind to important changes in financial, geographic, compliance, cyber or strategic risk. Interos conducts a supply chain risk evaluation with help from automated assessment of over 85,000 data sources - helping companies understand every supplier feeding into their products and services in just minutes.

“The financial and operational burden companies face today when conducting full supply chain evaluations limits their purview – and ultimately limits the questions they are able to ask and get answered,” Bisceglie said. “Interos believes knowledge of the supply chain is the first and most critical step in understanding where risks lie; and it is only with that base knowledge that we can make the most informed, balanced decisions – whether for our voting machines, packaged goods, beauty products or food supply.” 

About the Study

The Interos platform broke down a voting machine into a list of component parts, identifying 140 digital and physical components that make it up. Interos began by discovering the 38 components that the manufacturer directly buys from suppliers (their tier 1 suppliers), then identified the 50 known parts that make up those components and identifying the suppliers behind those parts (the tier 2 suppliers). Interos then went another step further, identifying the 70 components within those components and the associated businesses (the tier 3 suppliers).

The Interos voting machine report is one in its full research series of reports on supply chain and risks spanning across several industries.

About Interos

Interos protects customers’ brand and operations from risk in their extended supply chains and business relationships. The first AI-powered platform for eliminating multi-party, multi-factor risk from 3rd, 4th to nth tier parties, Interos automates discovery, detection, and response to financial, ethical, geographic, cyber and relationship risk. Designed by experts and leveraging the company’s 15 years of experience in managing the world’s most complicated supply chains, Interos provides real-time risk management for the largest commercial brands in manufacturing, financial services, and aerospace and defense.

For more information, visit


1 Hearing on “Public-Private Initiatives to Secure the Supply Chain,” by the Committee on Homeland Security; Subcommittee on Oversight, Management & Accountability