Recurring |
one_organization |
(a) The software failure incident having happened again at one_organization:
The incident of software vulnerability and security issues in Georgia's election system occurred multiple times within the same organization. Logan Lamb, a security expert, discovered the server vulnerability in August 2016, and the server was left exposed to the internet for at least six months. Additionally, election-related files were deleted from the server in March 2017 after a colleague alerted officials about the server's vulnerability [94614].
(b) The software failure incident having happened again at multiple_organization:
The articles do not provide information about the software failure incident happening again at multiple organizations. |
Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the design phase can be seen in the incident where a security expert found evidence suggesting the election server in Georgia was compromised in December 2014 due to an attacker exploiting a bug that provided full control of the server. Additionally, there were concerns about the software running on the voting machines being phased out in Georgia, which was found to be vulnerable to known attacks [94614].
(b) The software failure incident related to the operation phase is evident in the issues faced during the local elections in Georgia, where new touch-screen voting machines unexpectedly shut down and rebooted, leading to delays in checking in voters. There were also concerns raised about potential intrusions or malfunctions in the state's newest voting machines, indicating operational challenges in the election system [93676]. |
Boundary (Internal/External) |
within_system, outside_system |
(a) The software failure incident reported in the articles is primarily within_system. The failure was due to contributing factors that originated from within the system itself, such as vulnerabilities in the election server, exposed personal data, deleted election-related files, and security issues with the voting machines [94614, 93676].
(b) However, there are also indications of outside_system factors contributing to the software failure incident. For example, the articles mention concerns about potential intrusions or malfunctions in the state's newest voting machines, which could be considered external factors impacting the system's security [93676]. |
Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
- The incident involved the election server central to a legal battle over the integrity of Georgia elections showing signs of being hacked, with evidence suggesting the server was compromised in December 2014 due to an attacker exploiting a bug [94614].
- The server was left exposed to the open internet for at least six months, wiped clean in mid-2017, and had election-related files deleted just after a security vulnerability alert [94614].
- The server logs only went back to Nov. 10, 2016, and evidence indicated that software running on the voting machines was vulnerable to known attacks [94614].
- The FBI obtained the server image as part of an investigation into security researchers who alerted about the server's security hole, but it is unclear if the FBI examined the image for tampering [94614].
- The new touch-screen voting machines in Georgia were reported to have programming problems, delays in checking in voters, and unexpected shutdowns and reboots, indicating potential vulnerabilities in the software [93676].
(b) The software failure incident occurring due to human actions:
- The incident involved intentional destruction of evidence by state election officials, including deleting access logs and election-related files from the server, suggesting possible foul play [94614].
- State election officials were accused of repeatedly and intentionally destroying evidence that could show unauthorized access to state election infrastructure and potential manipulation of election results [94614].
- Contractors for Election Systems & Software, the private company helping administer Georgia's elections, shared sensitive election files via a flash drive and uploaded them directly to the Internet, potentially exposing them to malware [93676].
- Concerns were raised about the handling of sensitive election files by contractors working from home and uploading files to the Internet, increasing the risk of corruption or exposure to malware [93676]. |
Dimension (Hardware/Software) |
software |
(a) The articles do not provide information about a software failure incident occurring due to contributing factors originating in hardware.
(b) The software failure incident reported in the articles is related to software vulnerabilities and issues. For example, in Article 94614, it is mentioned that a security expert found evidence suggesting the election server was compromised due to an attacker exploiting a bug that provided full control of the server. Additionally, the article discusses how the server was left exposed online, logs were deleted, and election-related files were deleted, indicating software-related issues [94614]. In Article 93676, concerns are raised about the security of Georgia's newest voting machines, potential intrusions, and malfunctions, highlighting software vulnerabilities in the state's election system [93676]. |
Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident reported in the articles is related to a malicious objective. The incident involved a forensic image of the election server central to a legal battle over the integrity of Georgia elections showing signs that the original server was hacked. Evidence suggested that the server was compromised in December 2014, with an attacker exploiting a bug to gain full control of the server. Additionally, election-related files were deleted from the server just after a colleague alerted officials that the server remained vulnerable to hackers. There were concerns about unauthorized access to state election infrastructure and potential manipulation of election results, leading to accusations of intentional destruction of evidence by state election officials [94614].
(b) The software failure incident was non-malicious in nature. It involved concerns about the security and reliability of Georgia's election system, particularly related to new touch-screen voting machines causing delays, unexpected shutdowns, and privacy concerns during local elections in six Georgia counties. Experts raised issues about potential intrusions or malfunctions with the new voting machines and the insufficiency of the paper records they produce for verified audits of the vote. The incident highlighted structural challenges in addressing the risks in Georgia's voting system and the broader distrust of the voting process in the state [93676]. |
Intent (Poor/Accidental Decisions) |
poor_decisions |
(a) poor_decisions: The software failure incident reported in the articles seems to be related to poor decisions made by state officials and election administrators in Georgia. The incident involved various issues such as leaving the election server exposed to the internet, wiping the server clean without notice, deleting critical election-related files, and failing to address security vulnerabilities despite being alerted multiple times [94614, 93676].
(b) accidental_decisions: The incident does not seem to be primarily related to accidental decisions or unintended mistakes. Instead, it appears to be more about deliberate actions or negligence on the part of the officials involved in managing the election server and systems in Georgia. |
Capability (Incompetence/Accidental) |
development_incompetence, accidental |
(a) The software failure incident related to development incompetence is evident in the articles. The incident in Georgia's election system involved various issues such as the server being left exposed to the internet, evidence of compromise dating back to 2014, deletion of election-related files, and the server being wiped clean in 2017 [94614]. These actions indicate a lack of professional competence in managing the security and integrity of the election server, leading to vulnerabilities and potential compromises.
(b) The software failure incident related to accidental factors is also apparent in the articles. For example, the exposure of the election server to the internet for an extended period, accidental deletion of critical records, and the inadvertent sharing of sensitive election ballot files via a flash drive, which could have exposed them to malware, all point to accidental factors contributing to the failure [94614, 93676]. These accidental actions and oversights increased the risk of security breaches and compromised the integrity of the election system. |
Duration |
permanent |
(a) The software failure incident described in the articles appears to be permanent. The incident involved significant security vulnerabilities and flaws in the election server and voting machines in Georgia, which were not just temporary glitches but systemic issues that persisted over time. These issues included the exposure of the election server to the internet, evidence of hacking and compromise, deletion of critical logs, vulnerabilities in the software running on voting machines, and concerns about the security and reliability of the new touch-screen voting machines. The incident also involved a lack of transparency, intentional destruction of evidence, and ongoing distrust in the election system [94614, 93676]. |
Behaviour |
crash, omission, other |
(a) crash: The incident described in Article 94614 involved a crash behavior where the server was wiped clean in mid-2017 with no notice, just days after election integrity activists filed a lawsuit seeking an overhaul of the state's election system. This action resulted in the system losing its state and not performing any of its intended functions [94614].
(b) omission: The incident in Article 93676 highlighted an omission behavior where programming problems led to delays in checking in voters, and in some precincts, the machines unexpectedly shut down and rebooted, omitting to perform their intended functions at those instances [93676].
(c) timing: The articles did not specifically mention a failure related to timing, where the system performs its intended functions but at the wrong time.
(d) value: The articles did not mention a failure related to the system performing its intended functions incorrectly.
(e) byzantine: The articles did not mention a failure related to the system behaving erroneously with inconsistent responses and interactions.
(f) other: The incident in Article 94614 also exhibited a behavior of omission where election-related files were deleted from the server on March 2, 2017, just after a colleague alerted officials about the server's vulnerability to hackers, omitting to perform its intended functions correctly [94614]. |