Skip to content

Cyber attackers sought: Swiss Post begins endurance test for e-voting system

The more transparent, the more secure: starting today, Swiss Post is calling on ethical hackers worldwide to target its e-voting system for the fifth time. The public intrusion test runs until 24 August – and anyone quick off the mark can get their hands on attractive additional bonuses for the first confirmed vulnerabilities.

Security is the top priority for e-voting in Switzerland.

 

Swiss Post is committed to transparency in e-voting: since 2021, all security-relevant components of its e-voting system have been publicly accessible. Specialists around the world can test the system around the clock through an open-ended bug bounty programme – with the prospect of financial bonuses for confirmed vulnerabilities.

 

Swiss Post also regularly conducts what are known as public intrusion tests. Over the course of a set period of time, ethical hackers systematically attempt to hack into the system. Tests of this kind are prescribed by law and are a key component of e-voting trial operation in the cantons. The public intrusion test, which lasts several weeks, is part of Swiss Post’s e-voting community programme.

 

Man in front of a screen

 

The intrusion test will last until 24 August 2025

 

From today until 24 August, Swiss Post is making its e-voting environment available for targeted attacks at pit.evoting.ch. The latest version of the system, which will be used for votes and elections from 2026, is set to be tested. IT professionals around the world can simulate the voting process, identify security vulnerabilities and attempt to infiltrate the electronic ballot box. For the first time, they can also test the functionality of the open text fields. These “write-ins” can be used for elections in which voters can enter their preferred candidates themselves if they are not on the official lists.

 

Attractive rewards for successful participants

 

For confirmed vulnerabilities, Swiss Post pays premiums of up to 250,000 francs. In addition to the bonus, the hackers who report the first three confirmed findings will receive a bonus of 3,000 francs. Since the launch of the bug bounty programme for e-voting, Swiss Post has paid out over 220,000 francs for confirmed findings to ethical hackers.

 

Why public security testing works

 

Public intrusion tests are a proven cybersecurity tool. They supplement internal and external audits with independent testing carried out by the global IT community.

 

The advantages:

 

  • Diversity of perspectives: different ways of thinking lead to more creative hacking scenarios.
  • Realistic tests: the attacks simulate real threats in real-life conditions.
  • Early detection: vulnerabilities are discovered before they can be exploited.
  • Building trust: transparency strengthens trust in digital processes and Swiss Post’s e-voting system.

BärnHäckt 2025: innovation meets security

For the first time, Swiss Post is sponsoring the BärnHäckt hackathon, which takes place in Bern from 22 to 24 August. Swiss Post will present its e-voting system and offer a workshop on secure code and threat modelling. Swiss Post security champions will show how attacks can be identified and fended off in the software design itself. Swiss Post is also organizing a quiz with great prizes for the brightest minds. Anyone interested can now register free of charge for BärnHäckt and become part of a community that not only demands digital security, but lives it. 

 

Cybersecurity at Swiss Post: more than just tests

 

Public tests such as the PIT and events like BärnHäckt are important components of Swiss Post’s e-voting trial operation and cybersecurity strategy. But they are only one part of a comprehensive approach to security:

 

  • Security by design: Security is part of the system architecture from the outset.
  • Regular audits: Internal and external audits remain key.
  • Security awareness: Training sessions raise the security awareness of everyone involved.
  • Transparent communication: Openness in dealing with vulnerabilities creates trust.

 

Once the intrusion test is complete, Swiss Post will publish a report – as it has in previous years. For those interested, it details whether the system withstood the attacks, and how.

 

Subscribe to the blog

Sign up for our E-government blog and you’ll receive regular updates on our latest blog articles, expert opinions and industry trends.