DEF CON 2019 and Risks to our Electoral Democracy

By: Stephanie Thomaston

Last month Elevate was in Las Vegas for our first DEF CON, one of the world’s largest and most notable hacker conventions. It made an impressive first impression as there were over 25,000 people with a wide array of experience in the technology and/or information security field. The conference schedule included a variety of activities, events, and talks, covering many cybersecurity related topics. Elevate participated in some of the demos, lectures, villages, and networking events.

The most unique and exciting activity was the “Voting Village”. With the 2020 elections approaching, there is a critical need to assess election vulnerabilities at all levels. The Voting Village at DEF CON is one of the world’s only public third-party assessment of the voting infrastructure. This village included thousands of white hat hackers, government leaders, and members of the media to partake in the mission of meticulously examining voting systems and raising awareness of voting vulnerabilities.

At the Voting Village talks, the NSA’s Threat Operations Center Director Sherri Ramsay spoke about the need for all voters to take responsibility for reforming election security. “We have to be educated, we have to be responsible, we have to be demanding.” Another political speaker that came to the Voting Village was the U.S. Senator from Oregon, Ron Wyden. He spoke about the need to protect our election security.

As a participant in the Voting Village, we were able to plug into and even audit voting machines and other election equipment. For any information security professional, having this opportunity to look at the vulnerabilities of these machines, was both exciting and frightening.

Overall, DEF CON and specifically the Voting Village was an educational experience that taught attendees a lot about election vulnerabilities, an aspect of cybersecurity that usually goes unchecked. Some suggestions to combat election vulnerabilities are as follows:

  • Creating an open standard for auditing and assessing these machines pre-election.
  • During non-election times creating maintenance and testing (even pen-testing) on these systems.
  • Replacing legacy machines
  • Creating a formal and mandatory process for reporting threats and vulnerabilities for voting systems

In summation, attending DEF CON was a wonderful and enlightening experience. We will continue to follow election system technology and hope to see the reform needed to improve our Country’s election security posture.

Elevate has the experience and knowledge to help you assess your security designs and controls on Cloud environments. Whether you have a native cloud application product and/or migrated your traditional environments to cloud infrastructure, Elevate can assist you in ensuring the right strategies and controls are in place.