LAS VEGAS—A panel of election officials from across the country spoke at Defcon on Aug. 10 here to talk about their cyber-security concerns. The officials detailed steps taken thus far to help secure election systems and repeatedly emphasized their commitment to making things better.
"We are concerned about cyber-security," Alex Padilla, Secretary of State for California said.
The panel at Defcon was part of the Voting Village, which is now in its second year. The Voting Village first convened in 2017, with researchers demonstrating different ways that election system could be exploited.
Padilla said the election system security is critical, because voters need to have confidence in their democracy and know that their votes matter. He added that cyber-security attacks against voting systems are essentially a form of voter suppression, as it undermines the integrity of election system confidence in the vote tallies. After the Defcon voting village in 2017, Padilla said that many citizen heard that voting machine could be easily hacked. That's part of the reason why he came to Defcon this year, to see what is real and to learn.
Padilla said that he along with other state officials first got a call from the Department of Homeland Security (DHS) in late summer of 2016 with members of the Obama administration about whether or not to declare election systems as critical infrastructure. Since then election officials in California have had to get a crash course in cyber-security.
"It doesn't mean we didn't care about cyber-security before, but there has never been a greater emphasis than there is now," Padilla said. "It's our new reality."
Election cyber-security tools
Improving election cyber-security isn't just about improving equipment and identifying technical vulnerabilities. Padilla said that it's also about professional development and training. Padilla said that how elections are secured is also about countering disinformation as well.
"We can have the best protection in place, but if someone clicks a link from their long lost uncle, what's it all for?" Padilla said, in reference to the threat of phishing emails compromising election system security.
Overall though, Padilla said that there is a need for more federal resources to help state and local officials improve election cyber-security.
"We need more regular and consistent support from the federal government if we are going to continue to improve," Padilla said.
Noah Praetz, Director of Elections, Cook County, Illinois said that in his county they are trying to figure out how to partner with states and DHS, as a force multiplier to improve security efforts. Praetz said that given the volume of threat data there is a real need for a dedicated staff and focus on election cyber-security. Amber McReynolds, Director of Elections, City and County of Denver, commented that cyber-security concerns are part of a long list of security concerns she deals with including physical security such as bomb threats.
Neal Kelley, Chief of Elections, Registrar of Voters, Orange County, California, said that there have been multiple improvements in his county to improve cyber-security. He said that the county now has a multi-layered, defense in depth approach that is continuously improving.
"Training has increased tremendously for our employees, but we still see employees do things they shouldn't do and it's an ongoing struggle," Kelley said.
The question was raising during before the panel if hacking an election is an act of war. Jeanette Manfra, National Protection and Programs Directorate (NPPD) Assistant Secretary for the Office of Cybersecurity and Communications (CS&C) at DHS said that other nations have been trying to undermine American democracy for decades. In her view, cyber-attacks are just the latest attempt and that's why there is a need to improve systems.
"I'm a believer that a stronger defense can be a deterrent," Manfra said. "That's why we're here, we have to make it harder."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.