For Immediate Release – August 9, 2018 –
WASHINGTON, D.C. – As DEFCON 26 attendees begin to gather in Las Vegas this week, the National Association of Secretaries of State (NASS) would like to address the Voting Machine Hacking Village events. While we applaud the goal of DEFCON attendees to find and report vulnerabilities in election systems it is important to point out states have been hard at work with their own information technology teams, the Department of Homeland Security (DHS), the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC), the private sector, the National Guard and universities to enhance and reinforce their cyber postures with penetration testing, risk and vulnerability assessments and many other tools.
Our main concern with the approach taken by DEFCON is that it utilizes a pseudo environment which in no way replicates state election systems, networks or physical security. Providing conference attendees with unlimited physical access to voting machines, most of which are no longer in use, does not replicate accurate physical and cyber protections established by state and local governments before and on Election Day.
We are also concerned that creating “mock” election office networks and voter registration databases for participants to defend and/or hack is also unrealistic. It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols.
While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results.
NASS is standing by, ready to work with civic-minded members of the DEFCON community wanting to become part of a proactive team effort to secure our elections with the shared goal of increasing voter confidence.
# # #