Voting Village Visits DC to Raise Election Security Awareness

DEF CON’s Voting Village left Las Vegas and moved to Washington, D.C., to raise awareness about threats to America’s election infrastructure.

Georgetown Law students Sam Hanks and Kendall Spencer reassemble a (possibly hacked) AutoMark ballot printer at yesterday’s @VotingVillageDC event at the Capitol. (Bridging the gap between law and engineering - note use of screwdriver). pic.twitter.com/gMLOf9KLm6

— matt blaze (@mattblaze) October 30, 2019

U.S. House of Representatives members visited the village earlier this week to gain firsthand knowledge of threats to voting machines by malicious actors.

“It goes to show why we need to be serious about election security, why we should invest in election security,” said Representative Cedric Richmond (D-LA) in an interview with CyberScoop.

The Voting Village began in 2016 to show how America’s election systems are vulnerable to infiltration and manipulation to promote a more secure democracy. The village has released annual reports of its findings, with its latest research detailing decades-old vulnerabilities in voting machines currently in use.

“Voting Village participants have confirmed the persistence of these flaws in previous years as well, along with a raft of new ones,” according to WIRED. “But that makes their continued presence this year all the more alarming, underscoring how slow progress on replacing or repairing vulnerable machines remains.”

Election officials are facing increasing pressure to act to secure America’s election infrastructure ahead of the 2020 presidential election next November. The U.S. Congress has been unable to pass legislation to address election security, despite numerous reports detailing Russian interference in the 2016 presidential election and warnings from the U.S. Department of Homeland Security (DHS) that voting systems remain under attack.

DHS assessed that “numerous actors are regularly targeting election infrastructure, likely for different purposes, including to cause disruptive effects, steal sensitive data, and undermine confidence in the election,” according to a U.S. Senate Intelligence Committee report.

In the November issue of Security Management, Senior Editor Megan Gates details the committee’s findings and what DHS has done in response to prevent similar intrusions. She also explains, however, that the U.S. federal government is limited in its ability to require local election officials to address security vulnerabilities. Some lawmakers, including U.S. Senator Ron Wyden (D-OR), are attempting to address this by introducing legislation to set security standards for elections.

“America is facing a direct assault on the heart of our democracy by a determined adversary,” Wyden wrote in a minority statement attached to the Senate committee’s report. “We would not ask a local sheriff to go to war against the missiles, planes, and tanks of the Russian Army. We shouldn’t ask a county election IT employee to fight a war against the full capabilities and vast resources of Russia’s cyber army. That approach failed in 2016, and it will fail again.”

A development earlier this week helped bolster Wyden’s stance. Facebook announced that it had removed three networks backed by Russia that were spreading disinformation in Africa to manipulate public opinion. The campaigns were linked to Yevgeny Prigozhin, a Russian oligarch that the United States indicted under accusations that he had interfered in the 2016 presidential election.

Russia’s disinformation efforts are evolving, an enormous new Facebook campaign in Africa shows, with implications for the 2020 U.S. election https://t.co/82EBNL6hUE

— The New York Times (@nytimes) October 30, 2019

“Some of the posts promoted Russian policies, while others criticized French and American policies in Africa,” according to The New York Times. “A Facebook page set up by the Russians in Sudan that masqueraded as a news network, called Sudan Daily, regularly reposted articles from Russia’s state-owned Sputnik news organization.”

While disrupting disinformation campaigns has become especially important for elections, it’s also important for organizations because misinformation can influence individuals to take action that poses a security threat.

“While primarily political in nature, fake news has been used against various organizations and poses a real and increasing threat to private sector organizations of all sizes,” wrote Michael Austin for Security Management. “It is important for security professionals to explore the relationship between fake news and corporate security, and determine how they can begin to address the threats posed by the release of false news and information.”