Read on Twitter
OIG audit for Election and Infrastructure security
October 22 2020
Thread
October 22 2020
Thread
The audit advises to "take
additional steps to protect the broader election infrastructure, which includes polling and voting
locations and related storage facilities, among other
things"
additional steps to protect the broader election infrastructure, which includes polling and voting
locations and related storage facilities, among other
things"
Vulnerabilities identified:
Electronic Voting Systems – In lab testing environments, security researchers have repeatedly demonstrated that some voting machines are vulnerable to compromise,due to physical access to the machines.. could result in the manipulation of vote totals
Electronic Voting Systems – In lab testing environments, security researchers have repeatedly demonstrated that some voting machines are vulnerable to compromise,due to physical access to the machines.. could result in the manipulation of vote totals
Voter Registration Databases – Online voter registration systems may be vulnerable to cyber attackers seeking to gain unlawful access to voter registration database
Public Dissemination of Voting Results – State governments IT solutions generally include public internet connections to disseminate election results to the public and media on Election Day.
Public internet use could result in inaccurate reporting on numbers of
votes.
Public internet use could result in inaccurate reporting on numbers of
votes.
The audit finds:
DHS Has Not Adequately Addressed Physical Security Risks to the Election Infrastructure
DHS Has Not Adequately Addressed Physical Security Risks to the Election Infrastructure
Inadequate DHS Plans and Strategies to Support the 2020 Election
they do not adequately address other elements such as
physical security risk, threats of terrorism, and targeted violence at related storage facilities, polling places, and centralized vote tabulation locations that support the election process.
physical security risk, threats of terrorism, and targeted violence at related storage facilities, polling places, and centralized vote tabulation locations that support the election process.
CISA did not sufficiently address physical security, terrorism, and targeted violence in 3 of its recent
election security related documents:
1. #Protect2020 Strategic Plan,
2. CISA Election Security Operations Plan
3. Election Infrastructure Subsector-Specific Plan
election security related documents:
1. #Protect2020 Strategic Plan,
2. CISA Election Security Operations Plan
3. Election Infrastructure Subsector-Specific Plan
CISA did not include in its plans the priority actions cited in the
framework, such as informing state and local officials about all potential threats to the election infrastructure
framework, such as informing state and local officials about all potential threats to the election infrastructure
DHS has not updated the
following plans to include the specific goals, objectives, milestones, and priorities needed to monitor and secure the election infrastructure, and address other emerging threats, an issue that was identified in the 2019 report also
following plans to include the specific goals, objectives, milestones, and priorities needed to monitor and secure the election infrastructure, and address other emerging threats, an issue that was identified in the 2019 report also
• National Infrastructure Protection Plan
• Government Facilities Sector-Specific Plan
• Government Facilities Sector-Specific Plan
Draft recommendations letter. Concerns that the report is released just one month before the election
CISA has until March 2021 to implement recommendations
(Meaning: concerns and security issues where still an issue for this election)
Full report
https://drive.google.com/file/d/1ixNFoYQfVAtTwAkcgkZC4vxvuuFSTjIk/view?usp=drivesdk
CISA has until March 2021 to implement recommendations
(Meaning: concerns and security issues where still an issue for this election)
Full report
https://drive.google.com/file/d/1ixNFoYQfVAtTwAkcgkZC4vxvuuFSTjIk/view?usp=drivesdk
@threadreaderapp please unroll
