Sunday, May 29, 2022

Federal Review Says Dominion Flaws Not Exploited In Elections

Federal Cybersecurity Officials have Verified there are Software Vulnerabilities, in certain Ballot-Marking devices made by Dominion Voting Systems, discovered during a Georgia Court Case, in theory allow a malicious actor to Tamper with the devices, according to a Draft analysis.

But, the Vulnerabilities have never been Exploited in an Election, and doing so would require a Physical Access to Voting equipment or other extraordinary criteria, standard Election Security practices Prevent, according to the Analysis from the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

"While these vulnerabilities present risks that should be promptly mitigated, CISA has no evidence that these vulnerabilities have been exploited in any elections," reads the Draft CISA Advisory, which the Agency shared in a briefing with State and Local Officials, on Friday.

In preparing for the Disclosure of the Software Vulnerabilities, CISA on Friday, updated its "Rumor Control" website, which it used to rebut Claims of Election Fraud during the 2020 Election, with a New entry. "The existence of a vulnerability in election technology is not evidence that the vulnerability has been exploited or that the results of an election have been impacted," the new Rumor Control Posting reads.

The Vulnerabilities affect a type of Dominion Ballot-Marking device known as the Democracy Suite ImageCast X, according to the CISA Advisory, that is only used in certain States. "We are working closely with election officials to help them address these vulnerabilities and ensure the continued security and resilience of US election infrastructure," CISA Executive Director Brandon Wales, said. "Of note, states' standard election security procedures would detect exploitation of these vulnerabilities and in many cases would prevent attempts entirely. This makes it very unlikely that these vulnerabilities could affect an election."

The CISA analysis is of a Security assessment done by a University of Michigan Computer Scientist at the behest of Plaintiffs in a long-running Lawsuit against Georgia's Secretary of State. The Computer Scientist, J. Alex Halderman, was given Physical access over several weeks to the Dominion Ballot-Marking devices, which print out a Ballot after Voters make their choice on a Touch Screen. Halderman's Report is still under Seal with the Court.

But according to Halderman and People who have seen the Report, it claims to demonstrate how the Software flaws could be used to alter QR codes printed by the Ballot-Marking Devices, so those Codes do Not match the Vote recorded by the Voter. Postelection Audits, which compare Paper Trails with Votes recorded on Machines, could catch the Discrepancy. This was my Complaint when Georgia First started using this Voting system.

Election Experts say Physical access Controls and other layers of Defense, along with Postelection Audits, help mitigate the Threat of Votes being manipulated via Cyberattacks. The CISA Warning notes most Jurisdictions using the machines tested already have adapted the Mitigations recommended by the Agency. Dominion has provided Updates to machines to address the vulnerability.

Separately, the Georgia's Secretary of State's Office released a Statement Friday, on a Review of the State's Election systems conducted by Mitre Corp., a Federally Funded Nonprofit. While the Mitre Report has Not been made Public, Gabriel Sterling, Georgia's Deputy Secretary of State, said in a Statement Friday, the Report showed "existing procedural safeguards make it extremely unlikely for any bad actor to actually exploit any vulnerabilities."

NYC Wins When Everyone Can Vote! Michael H. Drucker

No comments: