Federal Agency Warns Voting Software in Several States Open to Hackers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has told state election officials that the electronic voting machines produced by Dominion Voting Systems used in at least 16 states have software vulnerabilities exposing them to hacking if not corrected.

CISA is an agency operating as part of the Department of Homeland Security that was established under President Donald Trump in 2018 and as authorized by Congress.

CISA said it has not found evidence that the flaws have been exploited to manipulate any election results. The advisory bulletin describes nine separate software issues with Dominion equipment and provides corrective and diagnostic suggestions for state election officials.

CISA Executive Director Brandon Wales issued a statement regarding the findings that said standard election security protocols would detect hacking activities exploiting the discovered weaknesses. However, the advisory does recommend immediate action to implement “defensive measures” to protect against exploitation.

The agency’s advisory used testing by University of Michigan computer scientist J. Alex Halderman, who has acted as an expert witness in a long-running election lawsuit to develop its advisory statement.

Halderman has long argued that using software-based technology to record votes relies on systems that are “inherently vulnerable to hacking.” He has repeatedly argued that hand-marked paper ballots are far more secure and the only method that ensures “meaningful post-election audits.”

He told reporters that the software issues are not something that “someone off the street” could easily exploit, but could be used by hostile nations or election insiders to create “very serious consequences.”

One of the more serious issues exposed in the advisory is a vulnerability that could allow malicious code placed on an election management system to individual voting machines throughout a covered jurisdiction.

Other problems could permit a bad actor to forge the cards used by technicians to unlock voting machines, allowing attackers to access individual machines directly to manipulate software coding. Halderman said that hack could allow someone to change recorded votes or identify the identities associated with secret ballots.

Dominion issued a statement maintaining that its products are “accurate and secure.”

Weaknesses in the Dominion software and systems may be harder to bring public attention to as a result of some incorrect claims made by Trump attorneys after the 2020 election. Dominion filed some defamation lawsuits as a result.

Halderman insisted that he was not singling out Dominion. He said that he believes it is likely that “serious problems” could be discovered in the equipment supplied by other companies if they were subjected to the same testing he conducted on Dominion products.

CISA recommended that local officials ensure voting machines are secure and protected at all times and that they conduct a series of proscribed tests before and after elections in addition to regular audits.