So I was perusing google scholar this morning looking for something helpful...and I found this article released in January 2019. Ive attached the conclusion below and put a link to the pdf at the bottom. Dominion definitely comes up in the full article...as do a few others and one of the findings is that an attack would need to go after more than one type of machine.

"This paper has investigated, from an attacker’s perspective, the effort needed to manipulate the electronic voting machine to change the outcome of a US presidential election. The goal was to determine whether it was possible for an attacker to hack an election with regards to the risk and cost.

This paper demonstrated how an attacker might build a strategy to attack electronic voting machines using two realistic scenarios. Both scenarios have the same basic criteria: in order to be able to win a state, the number of people that do not vote for the attacker’s targeted candidate and use electronic voting machines must be greater than the margin of votes.

The underlying assumptions for both scenarios were that the state polls accurately reflected voter preferences at the time they were conducted and that all attacks were successful. Although these assumptions are a simplification, it has the benefit of providing a model that is easy to understand. The model accomplishes the goal by showing the simplicity of an attack and how it could be performed.

The model shows that it was feasible during the 2016 US presidential election to change the outcome of that election by hacking the electronic voting machines. For example, targeting three models of optical scan machines manufactured by Election Systems & Software could have made it possible to gain at least 96 electoral votes.

Since such an attack could always have controlled the election during the year, an attacker could control the electoral vote outcome by using the model presented. An attacker could use the presented model in order to see how many electoral votes had to be gained starting from when the primary candidate for each party has been elected. The attack would have been possible at a cost of ten million dollars. Since this cost is low compared to what it achieves, it becomes not only a venture for nation-states but could be used by private actors as well.

The major finding of this article is that attacking models by one manufacturer of DRE voting machines alone, could not have changed the election. Attacking models of optical scan voting machines however, would always have made it possible by targeting three models from Election System & Software.

Attacking optical scan machines is a greater risk for an attacker and is not be the best strategy. One must add that using the first algorithm is not a realistic approach and would most likely be detected. The second algorithm, which only targets uncertain states, is a more realistic approach and could more likely go undetected.

It is important to notice that the article is not based on the assumption that the 2016 US presidential election was hacked. The article seeks to introduce a new way of thinking how easy and cheap it can be to hack an election. The model only considers the scale of an attack and not specific targets. This kind of model can be used to measure other kinds of targeted cyber warfare attacks against critical infrastructure to estimate the costs and effect.

The conclusion that is drawn is that that election was most likely not hacked, but the option can not be excluded. **The only recounts that were completed were cases when the ballots were recounted by re-entering them through optical scan machines, which if they were manipulated would not give a different outcome. **

All elections that use digital solutions have this imminent threat since all software, no matter how secure, have vulnerabilities that can be exploited. There is not a way for a digital solution to be secure enough to be used in an election. Because electronic voting machines can be hacked, they should not be used in elections. Paper ballots should be used instead, as they are more secure and reliable."

pdf can be found here. https://www.diva-portal.org/smash/record.jsf?pid=diva2%3A1281662&dswid=1942