Skip to content
Search

Latest Stories

NatSecEdge
cipherbrief

Welcome! Log in to stay connected and make the most of your experience.

Input clean

Election Security is National Security

Rob Joyce is the Senior Advisor for Cybersecurity Strategy at the National Security Agency.  He was also a key speaker at DEF CON 26, the premiere hacker's convention held every year in Las Vegas.  Following in the footsteps of previous NSA leaders, Joyce's mission at DEF CON this year was two-fold, to share information about the needed focus on national cybersecurity-focused threats and to recruit some of the world's top talent to join in the mission.  Joyce penned the following opinion piece for The Cipher Brief just weeks before the 2018 midterm elections.  

OPINION — Many different organizations and individuals need to pull together to ensure we have secure and trustworthy elections.  The distributed nature of our elections throughout the state and local governments means there are widely varying levels of expertise and resources available, even when state and local officials leverage the federal government for support.  This election infrastructure can be expansive, and includes the voting machines themselves, the tabulation processes, the voter registration databases and the associated networks.  Each of these requires a detailed focus from many entities to protect against adversaries seeking access to data for influence operations, threatening the availability of the services, or posing threats to the integrity of the information.


I recently caught a glimpse of the kind of offensive focus I’m talking about at the Voting Village at DEF CON 26. I witnessed private individuals donating their time to improve the security of our election processes.  They’ve made incredible contributions, and are offering advancements for federal, state, and local election programs, as well as insights for the manufacturers of voting technology.  Strongly connecting all the contributors to our election process needs to be a goal for improving election security.  These connections are vitally important to ensure everyone is aware of the threats, best practices and needed improvements.

Amazing talent and expertise gathers at DEF CON with an enthusiasm to make things better.  The combination of skilled cybersecurity experts in partnership with industry and the ultimate end users of the technology – state and local election officials – is a powerful alliance.  There are great examples of companies embracing the enthusiasm of the DEF CON hacking villages, the automotive hacking village being an impressive model.  Watching Tesla supply equipment and change the terms of service on their warranty to fix cars damaged during cybersecurity investigations sends a powerful message about their intentions to support the security of their products.  The participation of Tesla’s engineers in the automotive hacking village connects them in a deeply operational way that results in improvements.  Steering the voting village to similar collaborative relationships will take us to the next level and address the constant erosion of trust, which only helps further the objectives of our adversaries.

Ignorance of insecurity does not bring you security.  As time passes, the security of any device begins to erode.  New exploitation techniques are developed.  New investigative tools are created.  Zero days are discovered in operating systems.  The capabilities and repertoire of the exploiters grows.  Developers of the security models for a device can never predict every creative idea that will be tried during exploitation.  For these reasons, we need to continuously red team our devices and processes.  This independent testing provides great benefit by straining assumptions and uncovering hidden flaws.

Another key aspect of securing our election processes is simply focusing on the fundamentals.  As we embrace electronic technology, the basic security practices of updating and patching are critical.  Having strong adherence to recommended security design practices is vital.  Often, paying attention to detail in the things that we already know how to do, removes significant risk.

While DEF CON continues to foster a venue to investigate election infrastructure in the Voting Village, the focus cannot simply be about calling out the state of security in our current technology. Rather the result needs to be developing tangible actions that lead to collaborations that will make us more secure.

Election security is a matter of national security, and there’s no question that progress has been made since 2016 – government-industry partnerships exist today that simply did not exist even a year ago.  These security-focused engagements between election officials, the federal government, and vendors will undoubtedly contribute to making the 2018 mid-terms the most secure elections in recent memory.  But there’s more to be done, and securing our elections is like a race without a finish line.  Together as a community – hackers, government and industry – can bring powerful assurances to a foundational component of our freedom: fair and trustworthy elections.

Save Your Seat

Related Articles

Ex-Spy Warns of Case Officer Tactics in Trump-Putin Dynamic

EXPERT Q&A – After Friday’s meeting in Alaska between U.S. President Donald Trump and Russian President Vladimir Putin, former CIA senior officer and [...] More

​The Weekend Interview: Former CIA Station Chief on Strategic Global Hotspots

​The Weekend Interview: Former CIA Station Chief on Strategic Global Hotspots

WEEKEND INTERVIEW: The signing of a peace framework between the President of Armenia and the Prime Minister of Azerbaijan on Friday at the White [...] More

Sabotage Without Warning: ​Why the Gray Zone Could Be America’s Biggest Blind Spot

Sabotage Without Warning: ​Why the Gray Zone Could Be America’s Biggest Blind Spot

EXPERT BRIEFING — Polish Prime Minister Donald Tusk announced this week that 32 people have been detained since the start of Moscow’s war with [...] More

Two Existential Threats: CIA’s Reputation vs. Democracy’s Survival

OPINION -- In his recent Cipher Brief essay, CIA's Latest Existential Challenge, former CIA senior officer Mark Kelton argues that the Central [...] More

Can the U.S. Fix a Broken System of Acquiring Weapons?

Can the U.S. Fix a Broken System of Acquiring Weapons?

DEEP DIVE – It’s a rare area of bipartisan agreement in Washington: a belief that the U.S. must reform the way it develops and obtains its weapons. [...] More

Experts Warn of Insurgents' Paradise in West Africa

Experts Warn of Insurgents' Paradise in West Africa

CIPHER BRIEF REPORTING– A terrorist group with links to Al Qaeda now controls a swath of territory five times the size of Texas, threatens the [...] More