A U.S. cybersecurity agency published new information advising of software vulnerabilities found in electronic voting machines from a leading vendor used in Arizona and more than a dozen other states across the country.

According to the June 3, 2022 report from the Cybersecurity & Infrastructure Security Agency (CISA), flaws within the Dominion Voting Systems Democracy Suite ImageCast X in-person voting equipment, which voters use to mark their ballots, make the devices an easy target for hackers. As a result, the agency is calling upon election officials to take action to safeguard and secure these machines ahead of any elections in which they are used.

CISA addresses nine vulnerabilities and lays out a list of protective measures for election officials to take to prevent security breaches, which include:

• Contact Dominion Voting Systems to determine which software and/or firmware updates need to be applied. Dominion Voting Systems reports to CISA that the above vulnerabilities have been addressed in subsequent software versions.

• Ensure all affected devices are physically protected before, during, and after voting.

• Ensure compliance with chain of custody procedures throughout the election cycle.

• Ensure that ImageCast X and the Election Management System (EMS) are not connected to any external (i.e., Internet accessible) networks.

• Ensure carefully selected protective and detective physical security measures (for example, locks and tamper-evident seals) are implemented on all affected devices, including on connected devices such as printers and connecting cables.

• Close any background application windows on each ImageCast X device.

• Use read-only media to update software or install files onto ImageCast X devices.

• Use separate, unique passcodes for each poll worker card.

• Ensure all ImageCast X devices are subjected to rigorous pre- and post-election testing.

• Disable the “Unify Tabulator Security Keys” feature on the election management system and ensure new cryptographic keys are used for each election.

• As recommended by Dominion Voting Systems, use the supplemental method to validate hashes on applications, audit log exports, and application exports.

• Encourage voters to verify the human-readable votes on printout.

• Conduct rigorous post-election tabulation audits of the human-readable portions of physical ballots and paper records, to include reviewing ballot chain of custody and conducting voter/ballot reconciliation procedures. These activities are especially crucial to detect attacks where the listed vulnerabilities are exploited such that a barcode is manipulated to be tabulated inconsistently with the human-readable portion of the paper ballot. (NOTE: If states and jurisdictions so choose, the ImageCast X provides the configuration option to produce ballots that do not print barcodes for tabulation.)

“Having served as both the Chair of the Elections Committee and now the Government Committee, I knew most of these vulnerabilities existed and have proposed legislation to address the security of Dominion’s machines,” said Senator Townsend. “Although I would like to see the machines removed completely, there are not yet the votes required to make that happen. In the meantime, these steps represent the least we must do to secure our elections, and I call on the Legislature to pass these and other CISA recommended measures this legislative session.”

Election integrity and voter security bills introduced by Kelly Townsend in previous legislative sessions, as well as the 2022 legislative session, include:

• SB 1241 (voting equipment; ballots; receipt): Requires an electronic voting system to provide a paper receipt to the voter at the time the voter’s ballot is received for tabulation.

• SB 1242 (election equipment; security; legislative review): Requires a detailed review of election equipment by a security expert, with the review submitted to the legislature.

• SB 1616 (election equipment; security; results; tabulation): Prohibits any voting equipment used in a polling place or voting center or any tabulation equipment used at a central counting center or other tabulation center from having internet access.

• SB 1359 (election workers; unique passwords): Requires a unique login and password for election workers.

• SB 1570 (election equipment; security; results; tabulation): Requires an accessible port on any voting equipment or tabulation equipment to be locked with a tamper-proof seal and logged in a chain of custody document when broken or accessed. Requires the delivery, use and return of voting equipment to be logged on a chain of custody document so that the name and signature of every person who delivers, receives, uses and returns the equipment is recorded and retained as an official elections record.

• SB 1603 (elections; auditor general): Allows the auditor general to conduct an audit of the election as well as equipment security.

• SB 1608 (precinct tabulation; verification; elections): Requires ballots to be tabulated at the polling location and verified by poll workers of two different parties.


By admin
