U.S. Election Commission Report Image 2

Download The Report Now

Key report findings include:

Use of Out-Dated Operating Systems – More than half of election systems use Windows Server 2008 r2 and Microsoft IIS 7.5 where Windows Server 2019 and Microsoft IIS 10.0 are available. Four commissions even use Windows Server 2003. Windows 2003 is an example of a legacy system that is no longer supported by its manufacturer. The U.S. Dept. of Homeland Security Cyber+Infrastructure Security Agency (CISA) sent out an alert that Windows 2003 would no longer be supported by Microsoft, including for automatic fixes, updates, or online technical assistance.


Susceptibility to Phishing -- DMARC Records are essential to prevent spoofing attacks through email. DMARC prevents hackers from sending emails that look like they from a legitimate organization. However, 59% of commissions had missing DMARC records. In addition, more than 40% of the election commissions have at least one website with an invalid or expired SSL certificate. Adversaries can leverage this lack of security by penetrating the websites.


Botnet and Spam Attack Risks -- If a digital asset of an organization become a part of botnet or spam propagation, the organization’s IP addresses are listed in publicly available blacklists. Almost one third of the election commissions have at least one asset that is reported by blacklist databases