The Cybersecurity and Infrastructure Security Agency (CISA) has notified election officials of software vulnerabilities found in Dominion Voting Systems equipment deployed in several states, but also that the agency has found no evidence that those vulnerabilities have ever been exploited.
The nation’s cyber defense agency said there is no evidence that the vulnerabilities have affected any election results, including the 2020 presidential election.
“We are working closely with election officials to help them address these vulnerabilities and ensure the continued security and resilience of U.S. election infrastructure,” Brandon Wales, CISA’s executive director, said in a statement to MeriTalk.
“Of note, states’ standard election security procedures would detect exploitation of these vulnerabilities and in many cases would prevent attempts entirely,” Wales added. “This makes it very unlikely that these vulnerabilities could affect an election.”
Supporters of former President Donald Trump questioned the security of voting machines in the 2020 election, despite CISA and members of the Election Infrastructure Government Coordinating Council Executive Committee finding no evidence of any voting system compromises.
Wales emphasized CISA’s commitment to transparency with its partners and the American people, and said “it’s important to note that there is no indication that cyber vulnerabilities have contributed to any voting system deleting, losing, or changing votes.”
The agency said it plans to soon release a public advisory regarding the vulnerabilities, but did not indicate a specific publishing date.
CISA’s findings align with a new report from the MITRE Corp., a not-for-profit organization and operator of Federally-funded research and development centers.
MITRE conducted an independent technical analysis of proposed attacks on election-related devices manufactured by Dominion and used during the 2020 presidential election. Specifically, the MITRE team considered possible vulnerabilities “in the context of Georgia’s existing operational and security risk management protocols.”
“The independent technical assessment found no evidence of exploitation of Dominion voting machines, and found the existing layered security regimen incorporating cyber, physical, and operational controls mitigates identified risks,” Yosry Barsoum, vice president and director of the Center for Securing the Homeland at MITRE, said in a statement to MeriTalk. “These protocols must continue to be applied and evolve to ensure future security.”
MITRE said it shared its draft findings with Dominion, CISA, and the Georgia Secretary of State’s office. The organization plans to publish the report at a later date.
How can #tech propel #education, #workforce, #privacy, #security, and #healthcare on the road to a more succinct society? On July 21, we’ll explore how technology drives #transformation and regulation at #MerITocracy2022. Register: bit.ly/38lnahE pic.twitter.com/1PFKGKuuS5
The @DoD_IG released a list of the top management and performance challenges facing the DoD in FY 2022, including strengthening DoD #cyberspace operations. meritalk.com/articles/dod-i…
The @HHSGov still needs to address a pair of open #cybersecurity priority recommendations related to cybersecurity coordination and implementation of a cybersecurity framework, according to a new @USGAO report. meritalk.com/articles/gao-h…
A new report by the successor of the congressionally chartered Cyberspace Solarium Commission, called CSC 2.0, is calling on the @ONCD and Congress to bolster the nation’s #cybersecurity workforce. meritalk.com/articles/csc-2…
@CISAgov’s #zerotrust security model allows #Federal agencies the flexibility to choose the best plan for them to achieve zero trust architecture. How and where should agencies start? Read: ow.ly/9kqU50JewTE pic.twitter.com/8yHUWES4Lw