Election Integrity and Voting Machine Vulnerabilities during the 2020 Presidential Election
For 65 years, MITRE has helped the nation’s most critical organizations mitigate risk through analysis and objective insight, free from commercial interest. MITRE is a unique national resource in risk analysis, with decades of innovation and experience partnering with government and industry to understand and mitigate risks related to the country’s national and economic security, and critical infrastructure. MITRE’s National Election Security Lab conducted independent technical analysis of election-related devices manufactured by Dominion Voting Systems used during the 2020 presidential election, including in the state of Georgia. A team of 20 experts in elections, software security, hardware security, operational security, physical security, offensive and defensive operations, systems of systems engineering, and risk analysis collaborated to generate the methodology used and report on the Dominion devices. This objective assessment found no evidence of exploitation of Dominion voting machines. We considered possible vulnerabilities in the context of Georgia’s existing operational and security risk management protocols. Through the analysis conducted in this report, MITRE also developed a repeatable risk analysis methodology which can be applied to future election technology concerns.
Bald Eagle Report:
To help ensure public trust and confidence by providing some additional transparency, MITRE’s National Election Security Lab gathered and analyzed a wide range of relevant data. We researched several topics and data sources related to the 2020 presidential election in eight swing states and conducted analysis on data available before Election Day, including data related to early voting, early voting methods, and return and rejection rates of early ballots. We obtained data from several election and state government websites, organized the data across states into a similar schema, and developed dashboards to visualize the data and related analytical results.
Recommended Security Controls for Voter Registration:
Voter registration systems are critical and highly interconnected components of most states’ election infrastructures. This report is directed at technical members of state and local governments that maintain such systems. It recommends actionable security controls that can be applied to protect these systems.
Six Steps to a Safe, Trusted Election:
This paper distills the recommendations that we believe represent the best approaches from official sources like the Centers for Disease Control and Prevention (CDC), U.S. Election Assistance Commission (EAC), and the National Association of Secretaries of State (NASS), enriched with examples of specific state actions and our own election integrity initiative.
Cybersecurity & Infrastructure Security Agency (CISA) Election Infrastructure Security:
CISA’s Election Infrastructure Security site contains election security resources (guidance documents, reports, infographics, etc.). These resources aim to provide state and local governments, election officials, campaign officials, the vendor community, and voters with voluntary tools to secure election-related assets, facilities, networks and systems from cyber and physical risks.
U.S. Election Assistance Commission (EAC) Chain-of-Custody Best Practices:
Chain of custody documents provide evidence that can be used to authenticate election results, corroborate post-election tabulation audits, and demonstrate that election outcomes can be trusted. The recommendations contained in this document are intended for election officials who are responsible for ensuring the trustworthiness of local, state, and federal elections.
National Institute of Standards and Technology (NIST) Cybersecurity Framework Election Infrastructure Profile:
NIST has released Draft NISTIR 8310, Cybersecurity Framework Election Infrastructure Profile, to help secure our elections. This Profile provides a voluntary, risk-based approach for managing cybersecurity activities and reducing cyber risk to election infrastructure, and is meant to supplement but not replace current cybersecurity standards and industry guidelines available to election officials.
National Conference of State Legislatures (NSCL) State Elections Resources:
NCSL provides 50-state research on many election law and procedural issues to assist lawmakers in reviewing elections policy decisions.
National Association of Secretaries of State (NASS) Election Administration:
Approximately 40 members of the National Association of Secretaries of State (NASS) serve as their state’s designated chief election official, overseeing the conduct of elections according to law. Administering elections, a state and local responsibility, is a multi-faceted job requiring effective communication, coordination, and organization. Secretaries of State actively promote resources available to assist voters, including but not limited to: voter registration information, state voting procedures and requirements, state guidelines for reporting and responding to voting issues and irregularities, as well as sharing information on the reporting and certification of election results.
National Association of State Election Directors (NASED) Election Resources:
NASED members are at the forefront of the national conversations about cybersecurity, data standards for system interoperability, and civic engagement, working with federal, state, and local officials, as well as advocates and think tanks to build an election system that is secure and accessible to all. This site provides resources for voters and election officials.