I've posted this before for you and inspector.
https://www.cisa.gov/news/2020/11/12/joint-statement-elections-infrastructure-government-coordinating-council-election
https://www.cisa.gov/rumorcontrol
OMG! The gov't said the gov't election systems built for and sold to not just the US, but worldwide, created by overseas companies is secure!
That's good enough for me! Whew! I can sleep now!!
Here's a little story. I'll try to keep it short-ish and nontechnical.
I was a contractor at Pacific Fleet headquarters. One system I created was a chat server using open source and off the shelf software. It was a replacement for software our Naval Research and Development program office delivered Navy-wide before the Iraq war. There was an urgent need to create a TESTED version that can handle over 500 users. The current version had a compiled limit of 100 -- the original code's default.
My version was able to handle over 1,000 connections, which I tested using BOT connections. The R&D folks sent me their upgraded version to test, with I did (they couldn't figure out how I was able to get 1,000 actual users to test it!
). Their new version was identical to the old one with that one limit changed. I tried to explain that the IRC server they are delivering won't satisfy their needs, but the response was, "This change is the only official change request we've been given." I found out that the week after an installation team traveled to the Gulf and installed the new version, that site reverted to the Linux server they'd built, abandoning a version I'm sure cost over $40K to create, test, buy hardware for, send people out to install, and document.
The "Cadillac" of IRC servers I created included 4 individual chat servers (HPUX 3600 computers) behind 2 Pentium PCs with multiple network cards running Linux and acting as a load balancing gateway with redundant failover (one PC has problems, the other picks up in its place). The gateway allowed a single IP address to be used by every user's IRC client application, which then picked the server with the lowest number of users to connect to. The 4 servers were configured as a chat network, so regardless of which one you were connected to, you could chat with all the users on all servers. I also added a backup server in Wahiawa.
I won't get into the details, but we were the talk of the Pacific Fleets. Every time there was an exercise where specialized, well-trained Cyber Defense teams tried to infiltrate our command, control, communications and intel systems, the chat system was never breached. However, 3 times the program office sent a "replacement" server to test along side our chat system. Operations would begin on the new system, and mine would only become active if/when the new one was compromised.
That plan lasted about an hour at the beginning of each exercise. The commercially developed, professionally evaluated, top of the line, state of the art chat servers were compromised to a point the "enemy" could inject misinformation, gather information on operations and plans, and even bring down the system if they wished. Once that was apparent, they switched to my home-grown, self-compiled and integrated, fully controlled by BOTS and chat services IRC system.
So, when the gov't says that a system is secure, I have to roll my eyes and wonder what vendors are getting paid, and who has a job lined up with that vendor in a few months after retirement.