Guest post by Harry Haury and Marly Hornik from United Sovereign Americans. Originally published at JoeHoft.com—republished with permission.
The White House has ordered a review of how to share responsibility for securing critical infrastructure with the states. This wise move harnesses local ability over a national, one-size-fits-all monolithic approach that often leads to fraud, waste and abuse of taxpayer funds.
Possibly the worst example of derelict critical infrastructure management is our voting systems. In fact, staggering failures of compliance at federal and state levels have resulted in a national emergency, as reported by credentialed cyber auditors and experts from the non-partisan election validity organization United Sovereign Americans (USA). Using official state records of the 2020, 2022 and 2024 elections, USA conducted novel research proving the invalidity of voters, votes, counts and audit records.
What is the federal government’s role in securing elections? Recent articles claim that cutting funds at the Cybersecurity Infrastructure Security Agency (CISA), within the US Department of Homeland Security, will result in election security vulnerabilities. These articles mislead the American people into believing that CISA serves the people’s interests by routinely waiving security requirements on critical infrastructure and forming public-private censorship campaigns directed at conservatives and funded by CISA. All of this in direct violation of the first amendment rights of Americans concerned about election integrity.
The reality is quite different. The first step to assuring our deviously complex voting systems are impenetrable is to define and lock down control of the operational security (OpSec) boundary. Compliance of equipment, personnel and process within can now be guaranteed, but in our current delusion, security rules are routinely violated systemwide. Officials have abandoned 15 CFR VII and 31 CFR VIII as optional, leaving supply chains for election infrastructure wide open to hostile penetration and capture.
When voting equipment is sourced abroad, CISA must prove that imported elements do not grant America’s enemies a backdoor into subverting our culture or stealing trillions of dollars through their Manchurian candidates. All proposed system components go to the Committee on Foreign Investment in the United States (CFIUS), chaired by the Secretary of the US Department of Commerce, for security review. Checking “internet connectivity” is a naive over-simplification of the many threat controls needed to deliver legitimate representation. The entire process, from purchasing equipment, reviewing software code, hiring and training voter registrars and pollworkers to certification and storage of records, should have been analyzed by CISA and CFIUS through the Federal Information Systems Modernization Act’s (FISMA) Risk Management Framework (RMF).
If Information Assurance (IA) experts at CISA did their duty, that would have happened. Every step in election process must be scrutinized for risks, vulnerabilities and compliance, as it will be used. This includes IA officers accountable to federal law at every polling site, and wherever the votes are received, counted, monitored, and stored. CISA’s mission is to secure the OpSec boundary like a national border against digital or other invasion, and continually monitor the perimeter for dynamic, evolving threats.
Did CISA perform a comprehensive RMF analysis before authorizing systems for use in federal elections? No. Did states comply with required protocols for critical infrastructure? No. Because of apathetic or disloyal officials, USA identified 8.5 million votes ascribed to voters who do not exist, or do not track to any voter at all, counted in the 2022 midterms in California, Illinois, New York, Michigan, Pennsylvania, Georgia and Ohio. Official state records of California’s 2024 election show 35% of votes came from materially deficient voter registrations. This disaster was just used to install 52 House members and Senator Schiff.
An investigation into the critical infrastructure security posture of California, Illinois, New York and other pivotal states’ voting systems cannot wait. The federal government guarantees the citizens of each state a republican form of government, and protection from invasion. Penetration into elections must be investigated, prosecuted where warranted, and fixed. In distributing tasks between the federal government and states, we must ask if we really have the resources, human, material and economic, to successfully control digital voting systems?
Harry Haury is the Chairman of United Sovereign Americans, a Cyber Security SME, and a former senior information assurance architect for the federal government.
Marly Hornik is the CEO of United Sovereign Americans and founder of New York Citizens Audit.