The Cybersecurity and Infrastructure Security Agency (CISA) has notified election officials of software vulnerabilities found in Dominion Voting Systems equipment deployed in several states, but also that the agency has found no evidence that those vulnerabilities have ever been exploited.
The nation’s cyber defense agency said there is no evidence that the vulnerabilities have affected any election results, including the 2020 presidential election.
“We are working closely with election officials to help them address these vulnerabilities and ensure the continued security and resilience of U.S. election infrastructure,” Brandon Wales, CISA’s executive director, said in a statement to MeriTalk.
“Of note, states’ standard election security procedures would detect exploitation of these vulnerabilities and in many cases would prevent attempts entirely,” Wales added. “This makes it very unlikely that these vulnerabilities could affect an election.”
Supporters of former President Donald Trump questioned the security of voting machines in the 2020 election, despite CISA and members of the Election Infrastructure Government Coordinating Council Executive Committee finding no evidence of any voting system compromises.
Wales emphasized CISA’s commitment to transparency with its partners and the American people, and said “it’s important to note that there is no indication that cyber vulnerabilities have contributed to any voting system deleting, losing, or changing votes.”
The agency said it plans to soon release a public advisory regarding the vulnerabilities, but did not indicate a specific publishing date.
CISA’s findings align with a new report from the MITRE Corp., a not-for-profit organization and operator of Federally-funded research and development centers.
MITRE conducted an independent technical analysis of proposed attacks on election-related devices manufactured by Dominion and used during the 2020 presidential election. Specifically, the MITRE team considered possible vulnerabilities “in the context of Georgia’s existing operational and security risk management protocols.”
“The independent technical assessment found no evidence of exploitation of Dominion voting machines, and found the existing layered security regimen incorporating cyber, physical, and operational controls mitigates identified risks,” Yosry Barsoum, vice president and director of the Center for Securing the Homeland at MITRE, said in a statement to MeriTalk. “These protocols must continue to be applied and evolve to ensure future security.”
MITRE said it shared its draft findings with Dominion, CISA, and the Georgia Secretary of State’s office. The organization plans to publish the report at a later date.