CISA TLP-AMBER Report: 319 Critical Vulnerabilities – 47% Active Exploitation Rate – Iranian APT Obtained U.S. Voter Registration Data – “Most Secure” Declaration Contradicts Classified Data (US)

CISA’s own classified TLP-AMBER Election Infrastructure Subsector Cyber Risk Summary – produced but not publicly released in a voter-accessible form – documented: (1) 319 Critical-severity and 1,820 High-severity vulnerabilities in election infrastructure during the 12 months preceding Election Day; and (2) approximately 47% of election infrastructure entities with Critical vulnerabilities experienced active exploitation events during 2020. On the same day the election was held – November 3, 2020 – CISA issued Alert AA20-304A documenting that Iranian APT actors obtained U.S. voter registration data. On October 9, 2020, CISA issued Alert AA20-283A documenting APT actors targeting state, local, tribal, and territorial government networks containing election infrastructure. Notwithstanding this classified and public documentation of active foreign exploitation of election infrastructure, CISA Director Christopher Krebs signed the November 13, 2020 joint statement declaring the election “the most secure in American history.” This declaration – issued 10 days after CISA’s own alert documenting Iranian APT success in obtaining voter data – creates a direct and legally significant contradiction between CISA’s public statement and its own classified and unclassified risk data. CISA additionally sought to suppress the Halderman vulnerability report for 22 months after it was disclosed in September 2021. These 22 months encompassed Georgia’s January 5, 2021 Senate runoff elections – conducted on the same vulnerable BMD platform – during which voters received no warning of the documented vulnerabilities.