Diebold Suffering from Schizophrenia Over SAIC Report?

The SAIC report evaluating Diebold software was quietly released today. It would seem that either Diebold is having a complete mental breakdown, or they are reading a completely different report.

"We are pleased to be moving forward," said Thomas W. Swidarski, president of Diebold Election Systems. "The thorough system assessment conducted by SAIC verifies that the Diebold voting station provides an unprecedented level of election security."

Huh? That's not what the report I read says.

This Risk Assessment has identified several high-risk vulnerabilities in the implementation of the managerial, operational, and technical controls for AccuVote-TS voting system. If these vulnerabilities are exploited, significant impact could occur on the accuracy, integrity, and availability of election results. In addition, successful exploitation of these vulnerabilities could also damage the reputation and interests of the SBE and the LBEs. This Risk Assessment also identified numerous vulnerabilities with a risk rating of medium and low that may have an impact upon AccuVote-TS voting if exploited.

2.1.1 AccuVote-TS voting system is not compliant with State of Maryland Information Security Policy & Standards

Failure to meet the minimum security requirements set forth in the State of Maryland Information Security Policy and Standards indicates that the system is vulnerable to exploitation. The results of a successful attack could result in voting results being released too soon, altered, or destroyed. The impact of exploitation could lead to a failure of the elections process by failing to elect to office, or decide in a ballot measure, according to the will of the people. The impact could be a loss of voter confidence, embarrassment to the State, or release of incomplete or inaccurate election results to the media.

2.1.2. SBE has not ensured the integrity of the AccuVote-TS voting system

Failure to ensure the integrity of the AccuVote-TS system could result in vital information being changed such that this information no longer accurately reflects the collective will of the voters.

2.1.6. The AccuVote-TS voting system training does not include an information security component

Failure to conduct security awareness, training and education leaves election officials at all levels potentially unaware of the vulnerabilities and threats to their system. Without this awareness, the officials may not correctly or completely carry out vital security duties. Since the security of the AccuVote-TS system relies on non-technical controls performed by personnel, such as election judges, this awareness is vital to ensuring the security of the system.

2.1.9. No documentation currently exists regarding appropriate access controls to the AccuVote-TS voting system

Without proper documentation, the consistent implementation of security controls cannot be verified or validated.

2.2.1. SBE relies upon Diebold (the AccuVote-TS vendor) to load the version of software certified by the Independent Test Authority

The SBE is required to ensure that the implemented software version and firmware version of the AccuVote-TS is the one certified by the ITA. The SBE relies upon Diebold to load the certified versions, therefore Diebold could load uncertified versions. Diebold has a contractual obligation to load only the ITA-certified versions, but controls are not in place to ensure that this occurs.

2.2.2. SBE GEMS server is connected to the SBE intranet

The current security controls employed for the AccuVote-TS voting system require that the system not be connected to any network. The Direct Recording Equipment (DRE) voting terminals themselves are not connected to any network. However, the SBE Global Election Management System (GEMS) server is connected to the SBE intranet, which has access to the Internet. In addition, the server contains some Microsoft Office products not required for the operation of the AccuVote-TS voting system.

2.3.1. Audit logs are not configured properly, and are not reviewed

Failure to properly log, and to review those logs makes it significantly more likely that an intruder’s actions will not be detected. Assurance of non-detection may encourage a possible intruder to attempt a penetration of the system.

2.3.2. GEMS server configuration is not compliant with State of Maryland Information Security Policy & Standards for identification and authentication

[All explanations redacted]

2.5. Overall Risk Rating

The system, as implemented in policy, procedure, and technology, is at high risk of compromise. Application of the listed mitigations will reduce the risk to the system. Any computerized voting system implemented using the present set of policies and procedures would require these same mitigations.

Folks, that last paragraph says it all. No matter how Diebold wants to spin it, their equipment, as deployed was "at high risk of compromise".