“Air-Gapped”

Yesterday we wrote about the panic buttons that are being deployed by the Washoe County Registrar of Voters Office, Deputy ROV Andrew McDonald, for the general election.

While we were watching the October 22, 2024 meeting and listening to McDonald’s updates we thought, “let’s send his presentation to a network security professional” whose job it is to find holes in systems. Remember our publisher is retired from Lawrence Livermore National Laboratory (LLNL).

We asked for a critique of what Washoe County’s Andrew McDonald presented to the Washoe County Commissioners.

Dominion Voting Systems: Are These "Air-Gapped" Claims Misleading?

In an era where cyber threats and data integrity are high-stakes issues, public trust in voting infrastructure is essential. Picon Press set out to examine one of the core assurances given to voters about electronic voting systems—specifically Dominion Voting Systems the very systems that are used in the state of Nevada—the notion that these systems are kept "air-gapped" or offline. While this promise is meant to reassure voters that these systems are isolated from external tampering, conversations with network experts reveal practical gaps and potential risks.

Problem 1: Software Updates and the Myth of Complete Isolation

For any complex system to remain functional and secure, regular software updates are essential. Dominion’s systems, like any other, rely on operating system updates to fix vulnerabilities and improve performance. But how do these updates occur without an internet connection?

Our interview with a network security professional revealed that these updates are likely downloaded from the internet onto removable media (such as USB drives or external hard drives) and then transferred to the voting systems. This process, often referred to as "sneaker-netting," creates a critical vulnerability: if an update file from the internet contains malicious code or a defective patch, it could compromise the voting machines when transferred.

Consider the experience of any average computer user—how often have people downloaded a driver or update that turned out to be defective or, worse, malicious? The stakes are considerably higher here. Even with virus scans or secure transfer protocols, there is still a risk, as seen in past instances of problematic updates in corporate environments.

Problem 2: Encryption Standards – Is the Data Truly Secure?

Encryption is being cited as a line of defense to keep vote data secure, but not all encryption is equal. End-to-end encryption is the gold standard in modern cybersecurity, meaning data remains encrypted from start to finish. However, Dominion and other manufacturers have not specified whether they use end-to-end encryption on their voting systems, leaving a significant gap in public knowledge about potential vulnerabilities.

Without end-to-end encryption, vote data could theoretically be intercepted at various points in the chain—while being transferred, processed, or even tabulated. Worse, if these systems use weak encryption algorithms, such as MD5, an outdated and vulnerable encryption form, votes could be easily decrypted. Some forms of encryption can be broken by an average home computer in seconds, exposing critical voting data. Encryption, in short, is not inherently a guarantee of security; its effectiveness depends entirely on the method used.

Problem 3: The Role of a Third-Party Hash Validator – An Unnecessary Risk?

To ensure that only verified software runs on voting machines, a third-party company has been introduced to check file integrity through hash values. A hash is a unique string generated by a hash function, which should theoretically match the intended software file and detect any alterations. However, this process raises several important questions: Why involve a third party to verify file hashes instead of relying on county IT professionals?

Local IT experts, such as those in Washoe County, could easily verify hash values themselves. By introducing a third party, access to the voting infrastructure is expanded unnecessarily. This might suggest a lack of trust in local IT teams' skill sets or a potential outsourcing of responsibility that opens the door to additional vulnerabilities. Each additional access point to voting systems introduces a potential risk.

Final Thoughts

While Dominion's voting systems may not be directly connected to the internet, the processes around updates, encryption, and third-party verification introduce risks that could undermine the integrity of the “air-gapped” premise. Technology alone does not secure these systems—careful, consistent oversight and transparency are essential to maintaining voter confidence. In light of these observations, voters and officials alike might wonder: are current measures enough to keep our votes secure, or is it time to reevaluate the methods by which we safeguard our elections?