Colorado: Colorado Secretary of State Jena Griswold disclosed fresh information about her office’s unintentional posting of voting equipment passwords online, one week after a Colorado election hack was made public.
The Issue
After the dispute erupted into the open and damaged confidence in the state’s electoral system, the chief election official is attempting to repair the damage. The most recent is that Griswold, a Democrat, apologized Monday for the error made by a former employee in her office.
Furthermore, she also disclosed that the passwords were removed on October 24 after being available online for four months.
Her Words
In a statement she said that, “I am regretful for this error. I am dedicated to making sure we address this matter fully and that mistakes of this nature never happen again.”
Additionally, she defended her office’s choice to conceal the problem from the public for five days, claiming that she was unsure if the passwords were still active.
She added, “Making this public without understanding the size and scope of the disclosure, and without having a concrete plan for determining our technical and outreach strategy, would run contrary to cybersecurity best practices and carried a significant risk of fueling the major disinformation environment that surrounds elections today.”
Reality Check
What she hoped would not occur was the result of the lack of transparency. On October 24, a revised sequence of events shows that the secretary’s office withdrew the passwords off the website. This occured after learning about them from a voting equipment vendor who had posted them in a hidden spreadsheet tab.
Although the leak had an impact on 34 of the 64 counties in the state, an early assessment that examined web traffic and the dark web concluded that there was no imminent security danger.
The Colorado Republican Party made the hack public on October 29, the same day the state completed its initial probe and started notifying county clerks and changing passwords.
Way Ahead
Before the scandal started, the employee who made the spreadsheet departed the department in good terms, according to the office. Prior to this, Griswold refused to comment on the reason for the departure.
According to officials, it is not agency policy to store the passwords in a secret tab. We’re observing: An anonymous legal company was engaged by the secretary’s office to carry out an external inquiry in order to ascertain how it occurred and how to avoid future occurrences of the same kind.
Additionally, it calls for more cybersecurity training for employees.