Uncovering a Major Security Breach in Colorado’s Voting System

Red emergency light glowing in the dark.
Closeup of a bright red police light shot through a smoky night

Allegations surrounding the exposure of BIOS passwords in Colorado’s voting systems have sparked significant concern over election security and the measures in place to safeguard it.

At a Glance

  • BIOS passwords for voting systems in 63 counties were unintentionally exposed.
  • The online spreadsheet remained publicly accessible for several months.
  • Secretary of State Jena Griswold faces intense criticism but claims no significant security threat.
  • Investigations are ongoing, with assistance from CISA, to ensure no breaches occurred.

Extent of the Leak

Secretary of State Jena Griswold stands at the center of media scrutiny after BIOS passwords affecting 63 out of Colorado’s 64 counties were inadvertently posted online. The spreadsheet, accessible for months, contained over 600 passwords, potentially jeopardizing the security of voting systems. Despite these concerns, Griswold maintained that without physical access, these passwords pose no imminent threat. However, known vulnerabilities have heightened calls for strengthened security measures across election infrastructures.

With calls for her resignation growing louder, Griswold compared this issue to a similar incident involving Mesa County Clerk Tina Peters. The security breach put on hold the use of specific components in Mesa County but contrasts with current practices where potentially compromised machines remain operational. Criticism over the delayed notification to county clerks at the time the news broke added to the state’s administrative challenges.

Investigative Actions and Criticism

Ongoing investigations are conducted in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA) to assess the scope of the breach and ensure no damage has occurred. Griswold assured the public that efforts are underway to reset passwords and review access logs. Nonetheless, the incident drew sharp criticism from political adversaries, including House Minority Leader Rose Pugliese, who stated, “Griswold’s reckless disregard for professional standards and consistent lack of transparency has threatened trust in our democratic system by causing doubt in the security of our election process.”

Griswold’s defense highlights that two unique passwords—kept in separate locations—are required for any voting equipment access. Further measures including stringent access controls and surveillance over voting machines, assure stakeholders of the election’s integrity.

Security Measures Amidst Political Pressure

In response to mounting pressure from Colorado Republicans demanding Secretary Griswold’s resignation, she held a press conference to address voter confidence issues related to past discrepancies. Claims of Colorado tying for “number one” in election confidence were reiterated, aiming to bolster public trust. Electoral assurance was furthered by emphasizing the state’s reliance on paper ballots and compulsory post-election audits to verify voting accuracy.

“We are working with CISA to ensure no breaches occurred, and we are actively reviewing access logs as well as changing passwords,” Griswold reaffirmed when questioned about ongoing investigations into the leak’s administrative and technical aspects.

This security mishap underscores the necessity for proactive and substantial election security measures. As election integrity remains a foundational component of democratic societies, the need for secure and vigilant systems is more pressing than ever in a rapidly changing digital landscape.

Sources:

  1. Colorado Secretary of State Faces Intense Scrutiny Over Voting Machine Password Leak Scandal
  2. Investigation continues into how Colorado voting machine passwords ended up online
  3. Colorado Secretary of State “improperly” posted partial election equipment passwords to website