Unhardened Election Servers – Unauthorized USB Use, Video Games Installed, No NIST Hardening (GA)

Cybersecurity expert Harri Hursti, providing sworn testimony in Curling v. Raffensperger, documented severe operational security failures in Georgia county election offices. EMS and tabulation servers were not hardened according to NIST benchmark guidelines; servers exhibited frequent, untracked use of USB flash drives, and unauthorized software applications – including video games – were installed on election management workstations. The presence of unauthorized software creates direct pathways for malware injection via USB, introduces unknown network-facing processes that may create additional attack surfaces, and violates both the VVSG’s requirement that systems operate in a closed, controlled configuration and the principle that only certified software run on election-certified machines.