| Recurring |
one_organization, multiple_organization |
(a) The software failure incident having happened again at one_organization:
- Dominion Voting Systems Inc. is mentioned in the article as one of the three major companies dominating the election technology industry [86946]. It is noted that Dominion's newer systems are not affected by the upcoming Windows software issues, but the company has election systems acquired from no-longer-existing companies that may run on even older operating systems. This situation could be seen as a potential software failure incident within the organization if those older systems face vulnerabilities or issues similar to the ones highlighted in the article.
(b) The software failure incident having happened again at multiple_organization:
- The article mentions that the vast majority of election jurisdictions nationwide, including battleground states like Pennsylvania, Wisconsin, Florida, Iowa, Indiana, Arizona, and North Carolina, use Windows 7 or older operating systems for election processes [86946]. This indicates that the issue of running on outdated software and facing vulnerabilities is not limited to a single organization but is a widespread concern across multiple election jurisdictions and states. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase is evident in the article. The article highlights a significant issue where many election jurisdictions nationwide, including Pennsylvania, are using Windows 7 or older operating systems to create ballots, program voting machines, tally votes, and report counts. With Windows 7 reaching its "end of life" and Microsoft ceasing to provide technical support and patches after January 14, 2020, the systems running on this outdated software become more vulnerable to hackers [86946].
(b) The software failure incident related to the operation phase is also apparent in the article. It mentions that election systems running on Windows 7 face a security risk as Microsoft stops providing support and patches for this operating system. The article discusses the challenges faced by election administrators in upgrading their systems to Windows 10, which has more security features, before the primaries begin in February. This operational issue poses a vulnerability to potential cyberattacks due to the lack of support for the outdated software [86946]. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) The software failure incident related to the end of Windows 7 support for election systems can be categorized as within_system. This is because the issue arises from the fact that many election jurisdictions nationwide use Windows 7 or older operating systems to create ballots, program voting machines, tally votes, and report counts. With Windows 7 reaching its "end of life," Microsoft will stop providing technical support and producing patches to fix software vulnerabilities, leaving these systems more vulnerable to hackers [86946]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
The software failure incident in the articles is primarily related to the end of support for Windows 7 by Microsoft. This non-human action of Microsoft ending support for Windows 7 is a significant contributing factor to the vulnerability of election systems running on this outdated operating system [86946].
(b) The software failure incident occurring due to human actions:
Human actions also play a role in this software failure incident. The decision by election jurisdictions to continue using Windows 7 or older operating systems despite the known risks and the lack of federal requirements or oversight in ensuring the security of election systems are examples of human actions contributing to the vulnerability of the systems [86946]. |
| Dimension (Hardware/Software) |
hardware, software |
(a) The software failure incident occurring due to hardware:
- The article discusses the issue of election systems running on old software like Windows 7, which will soon be outdated and more vulnerable to hackers due to the end of support from Microsoft [86946].
- It mentions that some election systems are using older operating systems that will reach their end of life, making them susceptible to cyberattacks [86946].
- The article highlights the concern that election systems are not supposed to be connected to the internet, but various stages of the election process require transfers of information, which could be points of vulnerability for attackers [86946].
(b) The software failure incident occurring due to software:
- The main focus of the article is on the software aspect of the failure, particularly the reliance on outdated operating systems like Windows 7 in election systems [86946].
- It discusses the lack of federal requirements or oversight in ensuring the security of election systems, leaving it up to private companies to determine the security level of the systems [86946].
- The article also mentions the challenges faced by election administrators in updating their systems to newer, more secure software versions like Windows 10, which is a software-related issue [86946]. |
| Objective (Malicious/Non-malicious) |
non-malicious |
(a) The software failure incident mentioned in the articles is non-malicious. The failure is primarily due to the use of outdated software, specifically Windows 7, in election systems across various states. The end of support for Windows 7 by Microsoft is a critical factor contributing to the vulnerability of these systems to potential cyberattacks [86946]. |
| Intent (Poor/Accidental Decisions) |
poor_decisions, accidental_decisions |
(a) The software failure incident related to the end of support for Windows 7 in election systems can be attributed to poor decisions made by election jurisdictions and vendors. The incident highlights how many election jurisdictions nationwide, including battleground states like Pennsylvania, Wisconsin, Florida, and others, are still using Windows 7 or older operating systems for critical election processes despite the impending end of support for Windows 7 [86946]. This situation reflects a lack of proactive decision-making to ensure the security and integrity of election systems, as highlighted by experts like J. Alex Halderman, who warned about the risks of not keeping software up-to-date [86946]. Additionally, the article mentions that the election technology industry is dominated by a few major vendors who have been slow to address the issue, with only one of the major vendors having newer systems unaffected by the upcoming Windows software issues [86946].
(b) The software failure incident can also be seen as a result of accidental decisions or unintended consequences. The article mentions that the situation with Windows 7 reaching its end of life for election systems was not anticipated by many election jurisdictions and vendors, leading to a scenario where critical election processes could be left vulnerable to hackers due to the lack of support and patches for the outdated software [86946]. The article highlights that election administrators are now facing the challenge of trying to upgrade their systems while preparing for upcoming primaries, indicating that the consequences of relying on outdated software were not fully foreseen [86946]. Additionally, the article points out that the certification process for election systems, which is meant to ensure proper functioning on tested operating systems, may not adequately address cybersecurity concerns or keep pace with evolving technology, leading to unintended vulnerabilities in the systems [86946]. |
| Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident related to development incompetence can be seen in the article where it is highlighted that many election jurisdictions nationwide, including Pennsylvania, are still using Windows 7 or older operating systems for their election systems. This is a concern because Windows 7 reached its "end of life" on Jan. 14, 2020, meaning Microsoft stopped providing technical support and producing patches to fix software vulnerabilities. The article mentions that the election technology industry is dominated by three major companies, and only one of them, Dominion Voting Systems Inc., has newer systems that are not affected by the upcoming Windows software issues. ES&S, the largest vendor, completed its latest certification using Windows 7, and Hart's last certification was on a Windows version that won't be supported by November 2020. This situation raises concerns about the lack of professional competence in ensuring that election systems are up-to-date and secure [86946].
(b) The software failure incident related to accidental factors can be inferred from the article where it mentions that the use of election systems running on outdated software like Windows 7 poses a significant security risk. The article highlights that the end of support for Windows 7 means that hackers could exploit vulnerabilities in these systems, as Microsoft will no longer provide security updates. This situation was not intentional but rather a consequence of jurisdictions and vendors not keeping the software up-to-date. The article also mentions that election administrators are facing challenges in upgrading their systems to Windows 10 due to the lengthy and costly certification process, indicating that the situation was not planned but rather an unintended consequence of using outdated software [86946]. |
| Duration |
permanent |
(a) The software failure incident mentioned in the articles is more likely to be permanent. This is because the issue highlighted in the articles is the fact that many election systems across the U.S., including in Pennsylvania and other battleground states, are still running on Windows 7 or older operating systems that are reaching their end of life. Microsoft is ending support for Windows 7, which means no more security updates or patches will be provided after a certain date. This leaves the systems vulnerable to hackers exploiting software vulnerabilities [86946]. The potential consequences of not updating the systems could have a lasting impact on the security and integrity of election systems, making it a permanent issue until addressed. |
| Behaviour |
crash, omission, timing |
(a) crash: The article mentions the WannaCry ransomware attack in 2017, which froze systems in 200,000 computers across 150 countries, indicating a crash scenario where the systems lost their state and were unable to perform their intended functions [86946].
(b) omission: The article discusses the issue of election systems running on outdated software like Windows 7, which will soon be vulnerable to hackers due to the lack of technical support and patches. This omission to update the software can lead to the system omitting to perform its intended functions securely [86946].
(c) timing: The article highlights the upcoming end of support for Windows 7, which could lead to the systems performing their functions correctly but at the wrong time due to the lack of timely updates and security patches [86946].
(d) value: There is no specific mention of a failure due to the system performing its intended functions incorrectly in the articles.
(e) byzantine: The articles do not provide information about a failure due to the system behaving erroneously with inconsistent responses and interactions.
(f) other: The articles do not describe a failure behavior that falls outside of the options provided. |