Security researchers recently discovered vulnerabilities in some Dominion voting systems that are used across multiple states, according to an ICS Advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
If you can recall the unfortunate mayhem and controversy surrounding the 2020 U.S. elections, you'll remember that Dominion systems were at the center of a lot of conversations. People questioned the validity of the systems, if they were secure, and how we would act if there were any serious concerns about how votes were being counted.
Thankfully, no issues were found with the Dominion voting systems and all votes were appropriately accounted for, despite the best efforts from certain individuals who were convinced otherwise.
Similarly, the vulnerabilities recently discovered have had no impact on any elections, according to CISA. The advisory says:
"This advisory identifies vulnerabilities affecting versions of the Dominion Voting Systems Democracy Suite ImageCast X, which is an in-person voting system used to allow voters to mark their ballot. The ImageCast X can be configured to allow a voter to produce a paper record or to record votes electronically. While these vulnerabilities present risks that should be mitigated as soon as possible, CISA has no evidence that these vulnerabilities have been exploited in any elections.
Exploitation of these vulnerabilities would require physical access to individual ImageCast X devices, access to the Election Management System (EMS), or the ability to modify files before they are uploaded to ImageCast X devices. Jurisdictions can prevent and/or detect the exploitation of these vulnerabilities by diligently applying the mitigations recommended in this advisory, including technical, physical, and operational controls that limit unauthorized access or manipulation of voting systems.
Many of these mitigations are already typically standard practice in jurisdictions where these devices are in use and can be enhanced to further guard against exploitation of these vulnerabilities."
CISA Director Jen Easterly took to Twitter to share her thoughts on the vulnerabilities in Dominion voting systems:
My statement on today's advisory on vulnerabilities affecting certain versions of Dominion Voting Systems' software. While these risks should be mitigated as soon as possible, we have no evidence they have been exploited in any elections.— Jen🛡Easterly (@CISAJen) June 3, 2022
Full report: https://t.co/sFNs1R3glG pic.twitter.com/7SGFldLv4A
A spokesperson for Dominion spoke with CNN about the advisory from CISA, sharing that it "reaffirms what thousands of hand counts and recounts have proven: Dominion machines are accurate and secure." They continued:
"The issues raised in the advisory are limited to ballot marking devices, not vote tabulators. These issues require unfettered physical access to election equipment, which is already prohibited by mandatory election protocols. Every voting system, even hand counting, depends on these same process protections to ensure secure elections."
CISA asks that all election officials continue to enhance defensive measures to reduce the risk of vulnerabilities being exploited. A list of recommended mitigations is included in the advisory.
Despite the discovered vulnerabilities, it is comforting to know that our election systems are secure and that CISA is constantly working to make sure it stays that way.
For more technical information, read the advisory from CISA.