Secretary of State Jena Griswold weathered her first appearance before the state legislature to defend her sloppy response to the password leak made public just days before the critical November election.
She insists we believe her excuse that cybersecurity best practices took up to five days to figure out how to change the passwords in the affected counties.
No cybersecurity experts are we, but common-sense dictates responses to security situations take a lot less than five freaking days.
Griswold insisted to the Joint Budget Committee no rush was required because the passwords were useless to anyone who did not have direct access to the voting machines. You know, like what happened with Tina Peters.
Griswold’s “best practices” cybersecurity timeline:
- Oct. 24 Griswold learns hundreds of passwords are posed online
- Oct. 29 Media learns of the passwords leak
- Griswold informs county clerks after 9News interview
- Polis learns of leak, offers state workers and planes to change passwords in affected counties.
- Oct. 31 Griswold announces passwords have been changed but won’t say in how many counties.
- Nov. 5 Election Day
Best practices in any security situation that takes five freaking days are by that very definition, worst practices.
“I am regretful for this error, but I want to be clear today, this never posed an immediate security threat, and the security of our voting equipment was verified,” Griswold said.
It just posed a PR nightmare and once again shook the confidence by level-headed voters in our election system, left county clerks in the lurch, and caused a seismic eruption across the nation’s Conspiracy Industrial Complex.
Also, it was a security risk when it happened on Tina Peters’ watch. Just because the cameras are always recording who enters those rooms now does not make the system invincible.
Griswold told the lawmakers:
“We needed to determine the size and the scope of the issue and finalize our technical and outreach plan before sharing it to avoid fueling the major disinformation environment that surrounds elections,” Griswold said. “I regret that some clerks learned about the issue from a source that was not the department.”
Waiting five days to inform the public and county clerks only after it leaked to the media then passing it off as no big deal is exactly how Griswold fueled what she described as the “major disinformation environment that surrounds elections.”
Again, her magical, secret protocols failed horrifically.
When asked if she would ever have informed election clerks statewide or the public had it not leaked to the media, Griswold avoided the question and insisted again the security breach was no big deal.
And yet here she was, facing a legislative committee demanding answers about it. Paying $25,000 for an “outside investigation” by a law firm full of donors, only to switch law firms when questioned by the media about that too.
That Griswold is incapable of recognizing or admitting that in today’s environment, the password leak was a very big deal indeed, renders her incapable of fulfilling her duties as Secretary of State.
The Democrat controlled state legislature could go a long way in reassuring voters of our election system security by impeaching the Secretary of State for repeatedly failing in her duties while politicizing her position that continues to fuel the “major disinformation environment that surrounds elections.”
If you think public confidence is shaky now, wait until Griswold officially announces her gubernatorial campaign while remaining in charge of Colorado’s elections.