Wash. Rev. Code § 29A.12.210
Each county auditor shall implement no later than July 1, 2027, cybersecurity measures including but not limited to:
(3) Isolation of all ballot counting equipment and voting system components as defined in RCW 29A.12.005 from any other network including:
(4) No configuration of voting systems to:
[ 2025 c 329 s 4.]
Findings—Intent—2025 c 329: "(1) The legislature finds that the electronic and physical security of election and voting infrastructure are of primary importance, and wishes to require new security requirements. The legislature further finds that:
(a) Requiring the use of the ".gov" top-level domain on all websites and email communication reduces opportunities for confusion and cyber threats. The ".gov" top-level domain is managed by the United States department of homeland security through the cybersecurity and infrastructure security agency, is limited to bona fide government agencies, and features fraud prevention controls. There is no fee charged to adopt a ".gov" top-level domain.
(b) Requiring the partitioning of internal government networks, servers, and other supporting electronic infrastructure separate from other electronic equipment housed in the same location provides a more secure environment. Partitioning can involve physically or logically separating the entire auditor's office, including all its information technology systems and assets, or focusing specifically on election and voting infrastructure from other county assets. The goal is to reduce the risk of compromises that may occur on other parts of the county network. Partitioning also enables tighter control and monitoring of access to critical systems, whether it applies to the entire auditor's office or just election-related systems and assets.
(c) Because the secretary of state and county election offices are electronically interconnected and speedy communication with the state when a county is under attack or has suffered a security breach is imperative, requiring all vendors supporting county or state cyber assets to communicate to the secretary of state and the attorney general immediately after detecting a breach or successful cyber attack against their assets is necessary to maintain security.
(2) The legislature intends to require adoption of these security measures in all county election offices as soon as practicable, but no later than July 1, 2027." [ 2025 c 329 s 1.]