
Attack Vector 2: Electronic Voting Systems Integrity
Remote Access
Remote access to electronic voting systems represents the most direct and exploitable national security vulnerability in the U.S. election infrastructure. The entire federal certification architecture, from EAC testing through VVSG compliance to state-level deployment approval, rests on a foundational security assumption: that certified voting systems operate in isolation from external networks. Every security property that certification purports to guarantee, including tamper-evidence, audit trail integrity, and result authenticity, presupposes an air-gapped system in which the only inputs are physical ballots and the only operators are credentialed local officials with physical access.
When that isolation is breached, whether through factory-installed cellular modems, vendor-configured remote desktop protocols, open database ports, or undisclosed network services, every downstream security assurance collapses simultaneously. A remotely accessible election management system is not a certified system with a minor procedural deficiency. It is a fundamentally different system whose security properties are unknown and untested, operating in an environment where any actor with network access and credentials can reach the same databases, configuration files, and tabulation engines that determine election outcomes.
The national security dimension is not theoretical. DHS designated election systems as critical infrastructure in January 2017 precisely because foreign adversaries had demonstrated the capability and intent to probe and penetrate election networks. CISA’s own classified TLP-AMBER Election Infrastructure Cyber Risk Summary documented 319 critical-severity vulnerabilities in election infrastructure in the 12 months preceding the 2020 election, with a 47% active exploitation rate, and confirmed that an Iranian APT had obtained U.S. voter registration data. In this threat environment, any confirmed remote access pathway into a voting system, whether by design, by vendor configuration, or by exploitation, converts a local election administration function into a remotely targetable node on a network accessible to nation-state adversaries, criminal organizations, and any other actor capable of reaching an open port or intercepting a cellular transmission.
The findings that follow document confirmed remote access pathways across multiple states and both major voting system vendors, including contractually specified internet connectivity, forensically confirmed transmissions to foreign IP addresses, vendor-installed remote desktop software, anonymous remote logins during active tabulation, and factory-equipped wireless modems connecting certified tabulators to external networks on election night.
Remote Access Findings
